Data Privacy


W. Capra designs and implements solutions for your organization to comply with evolving data privacy laws. Using a NIST Data Privacy Framework approach, we help organizations design and implement a cross-functional solution that is compliant with legal requirements posed by privacy laws such as CCPA and GDPR. Our team is uniquely positioned to operationalize data privacy requirements to manage the transition to compliance, all while minimizing disruption to your existing business.

Our expertise includes privacy data mapping, gap analysis of applicable laws and privacy requirements, designing and implementing data subject request (DSR) processes, and establishing intake methods for consumer requests. We can also augment your data privacy program by conducting Data Privacy Impact Assessments (DPIAs) and ensuring ongoing privacy compliance.

W. Capra is an industry leader when it comes to privacy, initially providing comments to the draft NIST privacy framework and later adopting the framework as the foundation for privacy engagements. We continue to bring awareness to privacy issues through our work as the chair of the Conexxus Data Privacy Working Group, as well as engaging with the International Association of Privacy Professionals (IAPP). W. Capra consultants are continually monitoring the changing privacy landscape to assist our clients with the latest privacy technologies and information.

Latest Insights

  • PCI DSS 4.0 looms large  
    Merchants need to immediately start understanding what additional budget they are planning to allocate to tackle the increased time and costs necessary to maintain PCI compliance. Even working to find and procure the services of an approved scanning vendor will take time and internal resources.
  • Easing the Burden of Data Privacy Compliance
    Many organizations lack enough awareness of the data they collect to effectively tackle consumer privacy. In some cases, a data mapping exercise coupled with a third-party vendor assessment can be enough to uncover the detail needed to map the flow of consumer data into and out of a business. In others, fundamental change may be needed to accommodate data privacy regulations.
  • Leaping from Level 2 to Level 1 PCI Merchant Status? Here’s how we can help.
    For many merchants, PCI Compliance and related activities are a necessary annual pursuit that requires additional work for resource-strapped internal business units. The looming complexities of PCI DSS 4.0, combined with transitioning to a Level 1 merchant, will likely leave many organizations in the lurch as they determine how to handle these increased responsibilities.
