Build a plan and develop processes to meet compliance for GDPR, CCPA, HIPAA and other privacy regulations using Rhymetec’s privacy expertise.
What is a privacy compliance program?
Meeting the requirements of the broad and ever-changing privacy regulatory landscape is challenging. Finding technology tools and a proven methodology, along with a partner you can trust to help build, implement and manage your privacy program, can be an even bigger challenge. Rhymetec offers privacy compliance program solutions that are used to solve these challenges at scale, allowing organizations to simplify their privacy program management.
Why Managed Privacy Services?
How we do it
A multi-blended, simulated attack orchestrated from the perspective of a bad guy or group of bad guys. The objective is to realistically simulate a virtual and physical security attack and attempt to uncover security vulnerabilities that might otherwise be discovered by bad actors.
Phase 1 – Privacy Assessments
Rhymetec strives to provide reports to our customers that truly reveal the vulnerable attack surface of your organization and that detail meaningful, real-world mitigations. Rhymetec does not copy and paste scanning results in our reports. Rather, you will find a full narrative that navigates the customer through the assessment. Our finding write-ups are based on our security consulting experience across many industries and are tailored to your organization’s specific situation.
Phase 2 – Privacy Program Development
After identifying risks and building a remediation plan, the next phase is to design, build and implement processes and tools to address compliance requirements. Rhymetec offers privacy program development in accordance with privacy regulations including, but not limited to:
GDPR Privacy Development
- GDPR Privacy Governance Committee and Employee Training
- GDPR Data Inventory and Mapping (including Article 30 reporting)
- GDPR Third Party Risk Management/Vendor Management
- GDPR External and Internal Privacy Notices
- GDPR Policies and Standards (including Data Protection Addendums)
- GDPR Online and Offline Notice and Choice
- PIA/DPIA (including Article 35 reporting)
- GDPR Incident Response Planning (including simulation exercises)
- GDPR Individual Rights Management
CCPA Privacy Development
- CCPA Privacy Governance Committee and Employee Training
- CCPA Data Inventory Program (including 12-month “look-back”)
- CCPA Risk Assessment Program
- CCPA Transparency Program
- CCPA Use, Retention and Disposal
- CCPA Third Parties and Onward Transfer
- CCPA Choice and Consent
- CCPA Children’s Protection
- CCPA Access and Individual Rights Management
- CCPA Incident Response
- CCPA Policies and Standards
HIPAA Privacy Development
- HIPAA Security Rule (Technical & Physical & Administrative Safeguards)
- HIPAA Privacy Governance Committee and Employee Training
- HIPAA Breach Notification Rule
- HIPAA Omnibus Rule
- HIPAA Enforcement Rule
- HIPAA Risk Assessment Program
- HIPAA Choice and Consent
- HIPAA Access and Individual Rights Management
- HIPAA Incident Response
- HIPAA Policies and Standards
Phase 3 – Privacy Program Management
- Privacy Office and General Privacy Operations Support
- Privacy and Data Governance Committee Development
- Data Inventory and Mapping
- Privacy by Design Integration
- PIA and DPIA Development
- Data subject and Consumer rights
- Marketing and Website Consent
- Vendor and Third Party Data Management
- Onward Data Transfer Procedures
- Security for Privacy
- Data Breach and Incident Response Planning
- Internal Privacy Policies and Standards
- Employee Privacy Training and Workshops