Data Privacy Compliance Services

GDPR, CCPA, and other regulatory frameworks
  1. ACA Aponix
  2. Data Privacy Compliance Services

We can help assess your company’s readiness to comply with California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), General Data Protection Regulation (GDPR) and other privacy requirements and help implement best practices for achieving broader privacy risk and compliance objectives across your enterprise. Our team of experienced consultants can review your company’s personal data collecting activities to build a data inventory, identify risks and gaps relative to the requirements of the privacy frameworks, and assist with building a practical action plan to address deficiencies.

CONNECT WITH US


CONNECT WITH US


Privacy regulation FAQs

CPRA

Get answers to FAQs for the California Privacy Rights Act of 2020 (CPRA) and how it updates the CCPA. 

CCPA for Non-Financial Services Companies (Updated)

Get answers to FAQs for all industries including whether CCPA applies to your company and how it compares to GDPR. 

CCPA for Financial Services Firms (Updated)

Get answers to FAQs for financial services firms including implications for hedge funds and private equity firms. 

GDPR

Get answers to FAQs including what data is in scope, breach notification requirements, and the impact of Brexit.

LGPD

FAQs to help you navigate the complexities of Brazil's LGPD compliance regulation and ensure compliance.

1 of

Our solutions

In response to the rapid uptick in breaches involving personal data, the public’s expectations of privacy are evolving. More privacy regulations are coming into effect at the local, national, international, and sectoral levels. In addition to the EU’s GDPR, various other privacy laws were passed including the CCPA, CPRA, Brazil’s General Data Privacy Law, and India’s Personal Data Protection Bill. As these privacy regulations come into effect, companies are quickly recognizing that effective privacy management is not just a key compliance activity but also a key factor in business enablement in the digital economy.

We can assist with assessing your company's compliance with relevant privacy regulations. Through the implementation of best practices, we can help your company achieve broader privacy risk and compliance objectives across your enterprise. Our team of experienced consultants can review your company’s personal data collecting activities to build a data inventory, identify risks and gaps, provide recommendations on addressing those gaps, and support the implementation of your privacy requirements.

Our service includes:

  • Personal data discovery exercise
  • Personal data risk assessment
  • Data processor/collector (vendor) risk assessments
  • Review of data and cybersecurity governance program
  • Review of incident response procedures and published privacy notice(s)
  • Review or development of a Record of Processing activity
  • Data processor inventory
  • Privacy training (in-person or online)
  • Readiness assessment for portfolio companies
  • Privacy program and governance development assistance 
  • Data processor (vendor) risk assessments

GDPR

We can assist with assessing your company’s compliance with the EU's General Data Protection Regulation ("GDPR") requirements. The regulation, which entered into force on 25 May 2018, applies to EU-established organisations that process personal data, as well as organizations located outside of the EU that process EU residents’ personal data in connection with the offering of goods and services or that monitor the behaviour of EU residents.

CCPA

We can assess your company’s compliance with CCPA  and CPRA requirements and provide recommendations to address deficiencies.

Other Regulatory Frameworks
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Brazil's Lei Geral de Proteção de Dados (LGPD)
  • Gramm-Leach-Bliley Act (GLBA)
  • State-specific breach notification laws
  • National privacy laws around the globe
GDPR Awareness Training

Our web-based training course provides businesses of all sizes with an effective and comprehensive review of GDPR requirements. The course is designed to ensure your staff gain a broad understanding of their role in meeting GDPR requirements.

We offer two types of GDPR training: one designed for all business, and one designed for private equity/venture capital/credit fund managers.

 

GDPR Vendor Diligence

We can help determine if your vendors are compliant with GDPR requirements, working towards compliance, or have not considered the implications of GDPR. Our vendor management platform includes a GDPR-specific due diligence questionnaire that can be administered as a standalone questionnaire at a reduced rate, or as part of the standard ACA Aponix vendor DDQ.

 

1 of

Latest insights

cyber code

Privacy Considerations on Returning to the Office

Read our guidelines for best privacy practices in implementing contact tracing and symptom tracking of employees as stay-at-home restrictions begin to ease and employees who have been working from home return to the office.

Article
  • Cybersecurity
  • Privacy
cyber lock

Staying on Top of Data Privacy During the COVID-19 Pandemic

Technology and information security may not be as strong in work-from-home environments as in office settings, and the risk of exposure of sensitive information may be greater. Firms need to remain vigilant about data privacy to meet regulatory expectations and protect against breaches.

Article
  • Cybersecurity
  • Privacy
  • BCP
  • COVID-19
ACA Threat Intelligence Alert Blog Image

California Attorney General Signals Approach to Upcoming CCPA Enforcement

In a December 10 interview, California Attorney General (AG) Xavier Becerra provided insight into planned enforcement for the upcoming implementation of the California Consumer Privacy Act (CCPA). Per the interview, the effort firms take to comply will affect the severity the AG takes in enforcement.

Compliance Alert
  • Cybersecurity
  • Privacy
ACA Threat Intelligence Alert Blog Image

CCPA Amendments Signed Into Law

Learn more about the California Consumer Privacy Act (CCPA) amendments signed into law October 11, 2019. The CCPA, with the accepted amendments, will go into effect on January 1, 2020.

Compliance Alert
  • Cybersecurity
  • Privacy
ccpa privacy

CCPA Amendments to Be Finalized in October 2019

The California Consumer Privacy Act (CCPA) is scheduled to go into effect on January 1, 2020.

Compliance Alert
  • Cybersecurity
  • Privacy
abstract black and white looking up at building

ACA Aponix Launches CCPA Compliance Assistance Service

ACA Aponix is excited to offer a compliance assistance service for California Consumer Privacy Act (CCPA) requirements.

Press Release
  • Cybersecurity
  • Privacy
More insights

News

Highlights From the 2024 ACA Conference

As the curtains close on the ACA Conference 2024, the echoes of transformative dialogue and insightful revelations resonate, shaping the trajectory of GRC in financial services.

Cybersecurity Benchmarking Survey Lists Top Concerns and Preparedness Among Respondents

Our annual survey in partnership with NSCP reveals that investment firms overlook AI as a cybersecurity risk and remain wary about SEC cybersecurity enforcement and compliance with new rules

ACA Group Launches Dedicated Practice Group Providing GRC Solutions for Wealth Managers

ACA Wealth sets a new standard in GRC support for wealth managers, providing unmatched expertise and comprehensive solutions to address evolving regulatory requirements.

More News

Upcoming events

Curing Compliance Insomnia: Top 5 Compliance Challenges Keeping You Up At Night

Ever-changing regulation, the threat of an impending exam, and worrying about whether your reps are texting clients are among just a few of the compliance concerns wealth managers face daily. Join us as we address the top 5 compliance challenges for wealth managers and how to mitigate them.

Webcast
More Events