privacy engagement timeline

Typical duration: 6-12 weeks
Scope impact: # of apps, platforms, and user constituencies

1-2 weeks

collaborative workshops

We start with collaborative workshops with your subject matter experts and business stakeholders. We gather relevant documentation such as current opinions from your legal counsel, as well as existing policy and procedure documentation. We also learn about your organization, culture, and business drivers.

2-3 weeks


We gather observations and document your current state environment. We also articulate your business, regulatory, functional, and technical requirements, constraints, and dependencies.

1-2 weeks

risk assessment

We create a graphical view of privacy "hot spots" in your technology landscape. We conduct a lightweight risk-assessment for each privacy-impacted platform. We document and escalate any identified "burning issues" that may require immediate attention.

1-3 weeks


We develop risk-informed recommendations to address every identified risk. Recommendations are influenced by your business drivers, legal and regulatory obligations, culture, talent, risk posture, risk appetite, risk exposure, and current technology environment.

1-2 weeks


Recommendations typically consist of actions and projects. Actions are one time events, such as creating job descriptions and revising or authoring policies. Projects can be time-bound or ongoing efforts, and usually entail data discovery, data scrubbing, the selection and implementation of data protection capabilities, and technology remediation. We help you develop charters for every project, organize them into initiatives, and prioritize them on a 1-to-2-year roadmap.

Privacy Practice Domains                          

Data Access Policies
• Data Subjects
• Data Controllers
• Data Processors
Data Protection Officer (DPO) Job Description
Data Types & Classification
Incident & Breach Response
Legal Agreements & Liability Limits
Privacy by Design Principles
Privacy Impact Assessments
Privacy Risks
Program Governance
Regulatory, including GDPR & CCPA
Third-Party Risk

Privacy Technology Domains                   

Consent Management
Data Discovery
Data Lineage
Data Loss Prevention
Data Protection Methods & Technologies
• Access Controls
• Cryptography
• Information Barriers
• Obfuscation
System Inventories