Data Privacy Compliance Services

GDPR, CCPA, and other regulatory frameworks

We can help assess your company’s readiness to comply with California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), General Data Protection Regulation (GDPR) and other privacy requirements and help implement best practices for achieving broader privacy risk and compliance objectives across your enterprise. Our team of experienced consultants can review your company’s personal data collecting activities to build a data inventory, identify risks and gaps relative to the requirements of the privacy frameworks, and assist with building a practical action plan to address deficiencies.

Our solutions

In response to the rapid uptick in breaches involving personal data, the public’s expectations of privacy are evolving. More privacy regulations are coming into effect at the local, national, international, and sectoral levels. In addition to the EU’s GDPR, various other privacy laws were passed including the CCPA, CPRA, Brazil’s General Data Privacy Law, and India’s Personal Data Protection Bill. As these privacy regulations come into effect, companies are quickly recognizing that effective privacy management is not just a key compliance activity but also a key factor in business enablement in the digital economy.

We can assist with assessing your company's compliance with relevant privacy regulations. Through the implementation of best practices, we can help your company achieve broader privacy risk and compliance objectives across your enterprise. Our team of experienced consultants can review your company’s personal data collecting activities to build a data inventory, identify risks and gaps, provide recommendations on addressing those gaps, and support the implementation of your privacy requirements.

Our service includes:

  • Personal data discovery exercise
  • Personal data risk assessment
  • Data processor/collector (vendor) risk assessments
  • Review of data and cybersecurity governance program
  • Review of incident response procedures and published privacy notice(s)
  • Review or development of a Record of Processing activity
  • Data processor inventory
  • Privacy training (in-person or online)
  • Readiness assessment for portfolio companies
  • Privacy program and governance development assistance 
  • Data processor (vendor) risk assessments

GDPR

We can assist with assessing your company’s compliance with the EU's General Data Protection Regulation ("GDPR") requirements. The regulation, which entered into force on 25 May 2018, applies to EU-established organisations that process personal data, as well as organisations located outside of the EU that process EU residents’ personal data in connection with the offering of goods and services or that monitor the behaviour of EU residents.

CCPA

We can assess your company’s compliance with CCPA and CPRA requirements and provide recommendations to address deficiencies.

Other Regulatory Frameworks
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Brazil's Lei Geral de Proteção de Dados (LGPD)
  • Gramm-Leach-Bliley Act (GLBA)
  • State-specific breach notification laws
  • National privacy laws around the globe

GDPR Awareness Training

Our web-based training course provides businesses of all sizes with an effective and comprehensive review of GDPR requirements. The course is designed to ensure your staff gain a broad understanding of their role in meeting GDPR requirements.

We offer two types of GDPR training: one designed for all businesses, and one designed for private equity/venture capital/credit fund managers.

GDPR Vendor Diligence

We can help determine if your vendors are compliant with GDPR requirements, working towards compliance, or have not considered the implications of GDPR. Our vendor management platform includes a GDPR-specific due diligence questionnaire that can be administered as a standalone questionnaire at a reduced rate, or as part of the standard ACA Aponix vendor DDQ.

 

Privacy regulation FAQs

Get answers to FAQs for the California Privacy Rights Act of 2020 (CPRA) and how it updates the CCPA. 

Get answers to FAQs for all industries including whether CCPA applies to your company and how it compares to GDPR. 

Get answers to FAQs for financial services firms including implications for hedge funds and private equity firms. 

Get answers to FAQs including what data is in scope, breach notification requirements, and the impact of Brexit.

FAQs to help you navigate the complexities of Brazil's LGPD compliance regulation and ensure compliance.

Latest insights

Virginia Senate Passes Consumer Data Protection Act

The Virginia Senate has unanimously passed the Virginia Consumer Data Protection Act (VCDPA) and once approved by the governor, the law is set to go into effect on January 1, 2023. This data privacy law would grant privacy rights and consumer protection to Virginia residents. Learn how to prepare for these new protections.

Cyber Alert
  • Cybersecurity
  • Privacy

California Approves CPRA, Which Amends CCPA

Learn more about the California Privacy Rights Act (CPRA), which amends the existing California Consumer Privacy Act (CCPA).

Cyber Alert
  • Cybersecurity
  • Privacy

The Schrems II Decision: What Now?

U.S. companies are finding themselves on uncertain terrain as they struggle to understand the implications of the recent EU decision to strike down the Privacy Shield agreement. Get ACA's guidance on what steps to take to reduce risk in data transfers.

Article
  • Cybersecurity
  • Privacy

CCPA Enforcement leads to Multiple Class-Action Lawsuits

The California Consumer Privacy Act (CCPA) went into effect on 1/1/20 and enforcement began on 7/1/20. There has already been considerable activity on the class action front, much of it even before the enforcement date. Review what you need to do to avoid CCPA penalties.

Article
  • Cybersecurity
  • Privacy

Updates to the CCPA: Deadline is July 1

As we approach the California Consumer Privacy Act (CCPA) enforcement deadline you may be wondering what happens next. We have updated our CCPA FAQs with the most up-to-date information.

Article
  • Cybersecurity
  • Privacy

Privacy Considerations on Returning to the Office

Read our guidelines for best privacy practices in implementing contact tracing and symptom tracking of employees as stay-at-home restrictions begin to ease and employees who have been working from home return to the office.

Article
  • Cybersecurity
  • Privacy

News

ACA Group Announces ComplianceAlpha® 2021Q2 with New Features Designed to Help Financial Services Firms Meet Increasing Demands for Digitizing Compliance Programs

ComplianceAlpha 2021 Q2 introduces a suite of new features and sophisticated technology enhancements designed to help firms globally build more comprehensive and scalable GRC programs in line with the expectations of regulators, boards, management, clients, and investors.

Russell Investments Selects ACA Group’s ComplianceAlpha to Modernize Their Risk and Compliance Program from a Single Platform

Russell Investments has selected ACA's ComplianceAlpha® to help modernize and streamline their compliance program.

We Are Now ACA Group

This week, ACA Compliance Group made the move to ACA Group, better known to our clients and industry partners as ACA.

Upcoming events

Compliance Officer: The Role and Responsibilities - 13 May 2021

The role of the Compliance Officer is a mandatory position in all firms in the Financial Services Industry. They play a major role in assisting Senior Management to ensure that appropriate and effective systems and controls are in place to achieve and maintain compliance with the applicable Rules. While the nature of the Compliance Function is likely to differ from one firm to another, this course provides an easy-to-follow breakdown of what the Regulator expects of a Compliance Officer and explains, in practical terms, how the regulatory expectations and those of Senior Management can be achieved.

Online Training

Senior Management Obligations under the SM&CR - 19 May 2021

The ever-increasing focus by the Regulators on the accountability of senior management, particularly when things go wrong, emphasises how important it is for individuals in senior positions to have a clear understanding of what is expected of them. This succinct course is designed to assist Senior Managers to have a full understanding of what they need to do to achieve compliance with the rules under the obligations created by the Senior Managers and Certification Regime (SMCR).

Online Training