Data Privacy Consulting

Data Privacy Consulting


General Data Protection Regulation (GDPR) is enforced in May 2018. The new General Data Protection Regulation changes the way businesses and organizations handle personal information. Due to the rapid pace of technological changes, digital information is being created, used, stored and distributed on a very large scale. The old structure of data handling, therefore, is no longer adequate to meet the challenges arising from globalization and technological advancements. Organizations will have to adapt to GDPR data transfer rules when transferring personal data outside the EU. Nevertheless, in addition to the opportunities and benefits it generates, GDPR also increases the organization’s obligations and investments made to be GDPR compliant. In case organizations fail to comply with the GDPR requirements, the penalties can reach up to € 10 million or 2% of an organization’s annual turnover, whichever is greater.

PM GAME has highly qualified resources certified in ISO 27001 BS 10012 and ISO 27701 and can provide a comprehensive consulting service to the client in helping them becoming compliant with GDPR requirements

CCPA and other Data Privacy Act

Last year, the state of California passed a crucial privacy law which gives consumers a lot more control of their data. This act gives residents all the rights to control what information companies obtain on them and how that information is used. The CCPA just came into effect on January 1, 2020, and it provides state residents with new tools of shielding their online personal information, hence, saddling businesses with a lot more responsibility

The CCPA passed in 2019, and is considered to be one of the most comprehensive privacy legislations to be enacted in the US, according to the American Bar Association (ABA). Under this new legislation, residents of California are able to demand companies to reveal what information is obtained on them as well as the possibility of requesting a copy of that information. SEC. 3. Title 1.81.5 (commencing with Section 1798.100) is added to Part 4 of Division 3 of the Civil Code.

Additionally, companies can be forced to delete their consumer’s data upon request and they are forbidden from selling it, if the customer clicks the “do not sell” button on their company website. This will not have an effect on receiving equal service and price whether they exercise their privacy rights or not. Thus, companies are not allowed to treat a user differently because they have requested to have access to their personal data.

What We Actually Do

Certified Data Protection Officer:

A Certified Data Protection Officer will be assigned to help you to become compliant

Performing Gap Analysis:

To identify the maturity of the organization with respect to GDPR articles or CCPA Titles

Meeting the Gap:

Certified Data Protection Officer (CDPO) from PM GAME will guide the client to meet the gaps by formulating the required policies and procedures.


PM GAME will help the organization in performing Data Protection Impact Analysis (DPIA) using 1st Privacy tool. Consultants will analyze the client’s application to define the data model and process model to identify the impacted data elements and processes

Risk Analysis:

PM GAME will also assess the risks arising from gap in the compliance and will help the organization in mitigating the risk using 1st Privacy.

Cooperate with Supervisory Authorities:

Finally, PM GAME through their partnership with PECB will get the client certified in ISO 27001/ 27701.