General Data Protection Regulation (GDPR)

For EU-based organizations or those with EU or UK constituencies, GDPR substantially increases the complexity of managing personally identifiable information. It also significantly boosts the penalties associated with noncompliance.

Every organization that operates data centers in Europe or maintains information on contacts, customers, prospects, website users and others who reside there is subject to GDPR, the General Data Protection Regulation. For most, compliance requires creating new programs, policies and procedures as well as appointing and training internal representatives. Some firms may need to supplement their existing technology and workforce in order to handle increased customer interaction. Noncompliance can result in hefty fines, operational setbacks and reputational damage.

Our senior partners lead talented teams in helping organizations introduce an enterprise-wide security culture and ensure privacy “by design and by default.”

Combining an international presence with expertise in technology systems, digital forensics, IT risk advisory and cybersecurity, we are ideally qualified to help navigate this unprecedented challenge. As the lead North American representative in PKF International, we are connected to experts in more than 400 cities and 150 countries across five continents.

Comprehensive Program Support

Our specialists work closely with clients’ internal staff to help fulfill the regulation’s requirements quickly and effectively in the following key areas:

  • Inventory Data Processes
  • Privacy Policy Update
  • Data Governance Framework
  • Incident Response
  • Data Protection Officer
  • IT/Cybersecurity Risk Assessment Program
  • Internal Awareness and Communication

For U.S. multinationals, businesses, associations, educational institutions and other organizations that hold the personal data of residents of the European Union (EU) or United Kingdom (UK), we deliver the following essential services:

  • GDPR gap analysis
  • Privacy impact assessments
  • GDPR compliance auditing
  • Cyber/information security assessments and audits
  • Privacy and cybersecurity awareness training
  • Penetration testing
  • Vulnerability scanning
  • Incident response plan development
  • Policy and procedure development