Privacy - CCPA & GDPR Services
Do You Need to Implement CCPA?
(California Consumer Privacy Act 2018)
Is Your GDPR Program Compliant?
(EU General Data Protection Regulation 2016/679)
The Convergent ‘Privacy Control Framework & Requirements for Implementation’ provides a structure for managing personal data that a business can use to comply with the requirements of GDPR and to implement CCPA, which comes into force Jan 1, 2020.
US regulators are increasingly expecting that privacy management is embedded throughout an organization. The most effective, efficient and scalable approach is to implement and maintain one consistent privacy management program that maps to multiple laws.
By complying with the Framework, you will be clearly stating that you take data privacy seriously and are managing it with industry best practice. The Framework can be easily integrated into other management system standards such as ISO 27001 (Information Security). In addition, adopting the Framework can:
- help you to identify and manage risks to personal information;
- support regulatory compliance with data protection legislation;
- enhance customer loyalty;
- protect your reputation; and
- ensure your personal information management practices are recognized as aligned with best practices.
GDPR & CCPA Program Validation
We carry out CCPA planning and GDPR compliance assessment and gap analysis on specific departments, individual offices, or across your entire operation. We provide you with a comprehensive report of the findings, tailored specifically to your organisation, which can be shared with third parties to provide GDPR program evidence.
Vendor Risk Management
Convergent can efficiently conduct vendor risk assessments during the initial vendor onboarding phase and re-audit existing vendors on a risk-based schedule. We can send privacy and security assessment questionnaires directly to vendors and generate a central record of all your vendors, contracts and data transfers.
Data Breach Notification
Our breach management service helps you ensure that you have recognised, considered and addressed your critical legal obligations under GDPR. We assist in preparing notifications, creating and implementing any required remediation items, and training your staff to minimise the opportunity for future events.