Privacy Risk Assessments

Identify privacy risks and build remediation plans.

Business teams must understand personal data flows and privacy risks that result from a new product launch, global expansion, or merger and acquisition activity. They also need to understand the privacy impacts of new legal and regulatory threats or increased scrutiny from governmental authorities.

TrustArc Privacy Risk Assessments

TrustArc Privacy Risk Assessments entail a systematic evaluation of how personally identifiable information is collected, used, shared and maintained by an organization. The privacy risk assessment process provides development teams with the greatest opportunity to shape the evolution of products and services for successful business outcomes with as few privacy risks as possible.

Deep Privacy Expertise + Proven Methodology + Powerful Technology

TrustArc solutions are powered by a unique combination of deep privacy expertise developed over two decades, proven methodologies refined through tens of thousands of engagements, and powerful technology operating at scale for six years.

Our Proven, 5 Step Process

Our process is based on two decades of experience delivering privacy services to thousands of clients around the world:


Step One

Data Inventory

Through a series of interviews, we work with your team to find any personally identifiable data collected or used in the product or processes at issue. Then we fully map those data flows from the point of collection through storage and processing. We also map any resources involved in processing, retention, and deletion. Together we will gather supporting documents, including requirements documents, specs, database schemas, and third-party data protection agreements.

Step Two

Risk Clarification

The Data Inventory is mapped to the relevant products, systems, and business processes, and data elements are classified according to purposes, uses, and associated risk levels. We apply our scanning technology to applicable websites and mobile apps, shedding light on trackers and tracking technologies used, with Privacy Sensitive Index (PSI) scoring and insight into personally identifiable information (PII) data collection.

Step Three

Policy & Practices Compliance Review

Our consultants analyze your stated privacy policies and data management practices alongside the applicable frameworks, which depend on the nature and location of the relevant product or processes. Our methodology includes a broad look at risk factors, including those introduced by service providers, vendors and other third parties.

Step Four

Findings Report & Gap Analysis

From the compliance review, our consultants provide you with a Findings Report & Gap Analysis outlining the full data lifecycle analysis and risk classification, and describing any gaps found versus the applicable frameworks and against industry best practices. For each gap, we provide a recommended remediation measure, with required and best practice changes.

Step Five

Policy & Practices Change Guidance

Armed with our gap analysis and remediation recommendations, we can assist in the development of policies and training programs, provide sample language and templates, and validate remediation steps.

Assess your privacy risks and compliance versus a wide range of standards.

