Data Privacy

We work with clients to assess the current state of an organization’s data privacy maturity and deliver workable and sustainable remediation in line with the client’s risk posture, strategic growth plans, operating model, budget, and digital transformation priorities. Secretariat’s team can be engaged remotely, in person, or through a hybrid delivery model. When beneficial to an engagement, we leverage Secretariat’s cross-discipline expertise in cybersecurity, data governance, analytics, and data strategy as part of a maturity assessment. Armed with a comprehensive gap analysis, remediation report and risk-based roadmap featuring a clear list of prioritized activities, we enable our clients to begin a journey which offers a predictable and smoother glidepath towards compliance.

Corporate strategic priorities, compliance obligations, and data risks continue to converge around data privacy, cybersecurity, and data governance. As a result, cost-effectiveness, resource management, and technical efficiency are increasingly relevant to manage, mitigate, and remediate data risks created by existing and future data protection legislation. Secretariat’s data privacy experts work closely with client stakeholders to improve and implement a data privacy program across a variety of governance models. Our experienced team works collaboratively with clients to enhance data privacy programs based on our clients’ unique goals, objectives, and global obligations.

Technology is increasingly becoming a critical component of any effective and efficient data privacy program. Secretariat’s data privacy technology experts work closely with clients to understand goals, pain points, and change management challenges related to data privacy technology. Whether selecting a new technology or enhancing an existing platform, we work with clients and technology implementation teams to (1) review technical solutions collaboratively with internal stakeholders, (2) identify priority data privacy implementation modules, (3) participate in the technology procurement process, and (4) provide detailed recommendations and support with implementation. Our data privacy technology experts focus on our clients’ unique challenges and requirements, and our approach is always technology-agnostic.

In the increasingly complex data privacy landscape, Secretariat’s experts work closely with executive and senior-level client stakeholders to (1) consider the risk, financial and commercial implications of a desired privacy ambition level before articulating a clear target state (2) calibrate short-term, medium-term, and long-term data privacy requirements, (3) review and enhance existing data privacy strategies, (4) align data privacy strategies with broader cybersecurity and data governance strategies, (5) ensure efforts are risk-based and guided by a comprehensive analysis of the issues that the organization is facing, and (6) collaboratively design a detailed roadmap for implementation of a privacy management program focused on key risks.

Secretariat experts across data privacy, cybersecurity, data governance, and analytics work collaboratively with external counsel and private equity firms to deliver an integrated approach to due diligence and post-acquisition integration. Secretariat’s cross-discipline professionals will (1) review existing documentation and conduct interviews with relevant stakeholders, (2) assess current state and perform a gap analysis to regulator readiness, (3) design and execute on practical and sustainable remediation strategies, and (4) prepare a postmigration data defensibility binder in the event the integrity of legacy or migrated data is ever at issue.

Secretariat’s data privacy experts can support an organization’s compliance with global privacy laws, with our flexible DPOaaS model. We can provide ongoing support and advice to DPOs, or assume DPO responsibilities on an interim, fractional, or engagement-level basis.

Secretariat’s highly seasoned experts can fill the role of DPO for an interim period, overseeing compliance and serving as the point of contact for supervisory authorities and data subjects, while working with the organization to identify and establish a permanent DPO. We also work with management teams to design a flexible DPO model that fits an organization’s unique challenges and goals, enabling compliance whilst supporting the operationalization of privacy programs. This solution may include: (1) assistance with key compliance obligations, from Records of Processing Activities, to Data Protection Impact Assessments, and the management of requests to exercise individual rights, (2) supporting data breach response and remediation efforts, (3) budget and roadmap development to improve internal privacy capabilities and uplift privacy maturity, (4) board-level data privacy awareness presentations and organization-wide data privacy training, or (5) DPO and privacy team mentoring and upskilling, to achieve defined goals.