Privacy and Compliance

Innovative Driven provides data privacy services that offer strategic guidance and operational best practices for clients to build their own privacy programs and data governance models. ID services further develop and mature an organization’s privacy processes, practices, and procedures.

Here are the ID actions and tools that will bring privacy compliance confidence to your organization:

Privacy Program Assessment

An overall assessment of an organization’s privacy maturity, including processes, stakeholder analysis, training, information security, and other capabilities.

Deliverables:
  • Interviews with key business stakeholders and data owners
  • Baseline for data privacy program maturity
  • Identify key areas for improvements and exposure to privacy risk
  • Recommendations for short- and long-term action items based on business needs
  • Privacy maturity roadmap
  • Data privacy report showing where you land on ID’s Information Governance Maturity Assessment

Privacy Project Management (as a Service)

Privacy engagement oversight, including client initiatives and remediation efforts.

Deliverables:
  • Project plan will include initial activities and follow-up remediation items. Examples include tracking the progress of data inventories, training, delivery, etc.
  • Project schedule with tasks, resources, and timelines. Tasks can include deliverables provided by the client.
  • Regular progress reports, based on the client’s requirements.

Privacy Policy, Processes, and Procedures Development

ID creates relevant privacy documentation that is critical to a successful privacy program.

Deliverables:
  • Review of existing client documentation. Includes internal documentation and externally facing privacy notices and statements.
  • Internal employee privacy policy to guide behavior and support other client policies.
  • Processes and procedures for data inventories, Privacy Impact Assessments, Data Protection Impact Assessments, Data Subject Access Requests (DSARs), and more.
  • Training on privacy documentation and policy lifecycle management.

Data Inventories

Builds records of processing based on key business processes. Conducts quality review of stakeholder responses. Highlights higher risk areas suitable for follow-up in a Privacy Impact Assessment (PIA) or Data Protection Impact Assessment (DPIA). Identifies third parties for further review.

Deliverables:
  • Guidance on prioritizing business processes as part of the scope.
  • Training on how data inventories fit into a privacy program.
  • Tracker of business processes and stakeholders who will respond to data inventory assessment.
  • Review of information security controls.
  • Review data retention requirements and design workflows as needed to implement client processes.
  • Summary of data inventories with recommendations for improvement.
  • Assessment of data inventories for higher-risk areas.
  • Reporting as required.

Data Subject Access Requests (DSARs)

Verifies that DSAR policies and procedures are being followed and provides oversight on progress to optimize activities related to DSARs.

Deliverables:
  • Training on how the DSAR process fits into a privacy program. Explains roles of Data Controller and Processor, and situations when action is taken.
  • Response tracker for DSARs, including key contacts who respond and take action.
  • Maintain DSAR metrics.
  • Dashboard illustrating DSAR trends.

Third Party Management

Based on analysis of data inventories, identifies third parties that are processing privacy data.

Deliverables:
  • Working with the client, confirms that appropriate Data Processing Agreements (DPAs) are in place.
  • Reports of gaps and areas of improvement.
  • Report of key third parties that process privacy data.
  • Recommend third-party data privacy reviews, based on priorities.
  • Dashboard illustrating progress on third-party management.

Privacy by Design (PbD)

Implements principles of PbD and emphasizes the importance of building privacy into all business processes.

Deliverables:
  • Training on principles of PbD and practical implementation in an organization.
  • Training on how PbD fits into an organization’s culture, and the significance of a proactive approach to data privacy.
  • Checklist of PbD key points for processes and projects.
  • Process for including PbD in the client’s project management program.

Individual Rights and Consent

Reviews how individual rights are being acknowledged in business processes. Verifies appropriate cookie consent implementation.

Deliverables:
  • Report on consent and legal basis for processing private data.
  • Review of cookie consent implementation.

Cross Border Transfers

Based on the analysis of data inventories, analyzes where privacy data is being transferred. Tracks compliance with international regulations.

Deliverables:
  • Report on private data transfers and list of applicable regulations.
  • Report on risk based on cross-border transfers.

M&A Privacy Assessment

Conducts privacy assessment on organizations in scope for M&A activity.

Deliverables:
  • Assessment report on privacy posture of in-scope organization, highlighting risk areas.
  • Project plans to integrate privacy practices of in-scope organization into client.

Privacy Regulation Compliance

ID will work with you not only to achieve compliance, but also to set up processes and policies to stay compliant, so that you can focus on the important stuff.

Deliverables

You can’t run, and you can’t hide! GDPR and CCPA compliance laws aren’t going anywhere, and while it seems like a daunting task to get up to date, it’s much worse to be caught violating privacy laws. These privacy and compliance regulations specify deadlines for responding to a DSAR (data subject access request), and if you don’t know where your data is, the timeline is rarely enough to search all systems that may contain subject data.

ID’s Consultants will collaborate with you to resolve and address privacy and compliance issues:

1. Identify Sensitive Data

Locate sensitive personally identifiable information, protected healthcare information, and financial information.

2. Improve Data Asset Protection

Tighten access controls and reexamine IT architecture to protect identified critical and sensitive data and information assets.

3. Streamline Privacy and System Assessments

Maturing your data ecosystem will help simplify NIST 800-53, SOC 2 reporting, and ISO 27000 privacy and security assessment processes.

4. Improve Compliance with Data Subject Access Requests (DSARs)

Confidential, accurate, and timely responses to DSARs with better knowledge of where data resides.

5. Data Breach Notification

Rapidly identify sensitive data and individuals impacted in the event of a data breach; better determine litigation risks and potential exposure; and improve communication with executive decisionmakers, inside and outside counsel, insurers, regulators, and others.

Privacy and compliance benefits provided by an ID consulting engagement

  • Better understand the personal data your company collects, stores, and processes
  • Assess and remediate underlying risks and implement controls to protect valuable data
  • Decrease exposure during a data breach and improve your organization’s litigation readiness


What Our Clients Say

Very responsive and helpful project management teams who complete requests in a very timely fashion, often ahead of deadlines.

Client

Law Firm

Innovative Driven’s expertise, capacity, and customer service are impeccable and we trust them with everything from small matters to bet-the-company litigation.

Client

Every person with whom I’ve interacted has been responsive, professional, and incredibly flexible. There is always someone on stand-by to answer every question I have, and they do so in an effective and efficient manner.

Client

Law Firm