Our Approach and Methodology
One of the ways a U.S.-based organization can transfer personal data from the E.U. back to the U.S. and meet the intent of the Directive is to comply with the Safe Harbor requirements. Complying with the Safe Harbor can be a very time-consuming and arduous process. SecureState understands that most organizations do not have the dedicated personnel necessary to understand and build a privacy program that meets the conditions set forth by the Safe Harbor. As such, SecureState’s Project Management Services process aims to alleviate the difficulty of complying by using a proven methodology to assist clients in navigating the Safe Harbor principles and evaluating Safe Harbor compliance through a well thought-out, repeatable process.
SecureState CIPP Certified professionals will perform a GAP Assessment that can be used to:
- Self-certify to the U.S. Department of Commerce that your company has implemented the seven Safe Harbor principles and abided by any applicable FAQs and DPA advisories;
- Verify employees and customers have appropriate access to a Safe Harbor privacy policy that embodies the Safe Harbor requirements;
- Accept jurisdiction of the U.S. Federal Trade Commission (FTC) under section 5 of the Federal Trade Commission Act (which prohibits unfair or deceptive practices affecting commerce and allows for FTC sanctions);
- Implement policies, procedures, and controls to ensure that organizations that process personal data received from the E.U. and Switzerland are in compliance with the Safe Harbor requirements.
- Should material gaps exist, SecureState can work to build a roadmap to comply before self-certifying with the Department of Commerce.
SecureState’s EU SAFE HARBOR Gap Assessment/Pre-Audit approach maps critical information processes to determine if regulatory controls have business impact. The goals are to:
- Evaluate the effectiveness of your EU SAFE HARBOR compliance program
- Review EU SAFE HARBOR controls
- Provide remediation cost-justification
The stages of our EU SAFE HARBOR Gap Assessment/Pre-Audit, with limited descriptions, are as follows:
Onsite Visit:
- Introduce engagement participants and define roles
- Review engagement activities
- Review any applicable documentation
Process Mapping:
- Document the high level in-scope EU SAFE HARBOR systems and technical infrastructure
Requirements Analysis:
- Document the existing controls used to protect in-scope EU SAFE HARBOR Assets
- Identify gaps against the EU SAFE HARBOR requirements.
Reporting:
- Outline strategic recommendations to mitigate identified control gaps
- Upload remediation activities to MyState Portal