Sustainable Privacy and AI Compliance

The idea is simple. Most mid-sized high growth organizations need to focus their efforts and resources on their core offerings. They do not have the volume of work to keep a full-time privacy and AI team busy, nor can they attract or afford top talent.

Our model provides these organizations with critical expertise, experience and turnkey compliance without the cost or commitment of a full-time hire.

iStock-979000094.jpg

1bigthink Difference

The world has changed. Privacy and AI compliance are here to stay. Regulations around the world are in constant flux. New regulations and judgements are developing daily. Organizations, feeling pressure from their stakeholders to take privacy and AI compliance seriously, are forced to embrace concepts like privacy by design, transparency, purpose limitation, data minimization, and data subject rights. With 1bigthink’s services, organizations gain the capacity and abilities of a DPO and AI expert offering all the above, at a fraction of the cost, while maintaining independence requirements.

Many organizations are realizing that they do not have, or cannot maintain, the experience and expertise that are needed to address these issues. The solution, in this dynamic environment, is to take a risk-based approach guided by an experienced executive with:

  • Broad and deep privacy skill sets across industries.

  • An ability to remain current on the regulatory and threat environment. 

  • Insights into industry-leading practices.

  • Knowledge of the processes and technologies to mitigate compliance, privacy, and AI risk.

  • An understanding of the quickly evolving privacy and AI regulatory environment.

  • Access to world class advice and leadership. 

  • Experience in developing and executing privacy and AI programs.

Services

iStock_79752873_XXLARGE.jpg

Virtual Data Protection (DPO) Service - Turnkey Privacy Compliance

A DPO is an enterprise security leadership role responsible for overseeing data protection strategy compliance and implementation to ensure compliance with relevant regulatory requirements (GDPR, CCPA/CPRA, etc.). The DPO's role may include:

  • Creating and operationalizing the privacy program to meet the compliance requirements of all relevant regulations.

  • Informing and advising the company and employees of their data protection obligations and other important compliance requirements.

  • Monitoring compliance and impact, including directing audits and addressing issues.

  • Raising awareness in, and training staff involved in, data processing.

  • Providing advice when requested regarding the data protection impact assessments (DPIAs) and monitoring compliance and performance.

  • Serving as the primary point between the company and relevant Supervisory Authorities (regulators).

To be effective, a DPO needs not only "expert knowledge of data protection law and practices," but also to possess

  • Broad and deep information privacy, compliance, and data processing skill sets across industries.

  • An ability to remain current on changes in data protection regulation.

  • A complete understanding of IT infrastructures, technologies, and technical and organizational structures in your industry.

  • Insights into industry-leading data protection practices.

  • Excellent management skills as well as the ability to interface easily with internal staff at all levels.

Artificial Intelligence (AI) Compliance Service - Turnkey AI Compliance

As Artificial Intelligence (AI) is embedded in our products, workflows, and systems, complying with the new AI based regulations and frameworks is going to be a challenge for most organizations. 1bigthink’s AI Compliance Service is designed to integrate with the organization’s privacy program and provide the required governance, compliance, and assessment activities required under these regulations. The service directly addresses:

  • Monitoring the constantly changing AI regulatory landscape.

  • Informing and advising the company and employees of their AI regulatory obligations and other AI based issues.

  • Monitoring AI compliance both internally and externally.

  • Raising awareness in, and training staff in, AI regulatory requirements and issues.

  • Providing ad hoc advisory to address the changing AI landscape.

1bigthink’s AI compliance service allows organizations to address both strategic and operational issues with AI in a cost-effective delivery model.

iStock-1061357372.jpg

Assessments

We have heard many stories from clients where they hired a firm for an assessment and completed the process, only to be given a list of things that they were doing badly without information on how to fix the problems.

We take a very different approach. Our results are focused on actionable recommendations. In short, we show you the current state as well as the desired end state. We then show you how to get from one to the other with actionable recommendations. 

The client can implement many of these recommendations on their own. Some will want our help to complete. We will provide a roadmap prioritizing the items that need to be addressed immediately and those that can be addressed in time.

istockphoto-990121218-1024x1024.jpg

Program Design

The key to a sustainable program starts with understanding the acceptable risks and available resources of the organization. These two inputs allow our experts to build a program to close the critical gaps while maintaining the desired level of risk. Then, long-term sustainment is merely the execution and adaptation of the program.

Supported United States Regulations

  • California - California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA)

  • Colorado - Colorado Privacy Act (CPA)

  • Connecticut - Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA)

  • Delaware – Delaware Personal Data Privacy Act (DPDPA)

  • Florida – Florida Digital Bill of Rights (FDBR)

  • Indiana – Consumer Data Protection Act (ICDPA)

  • Iowa - An Act relating to consumer data protection (ICDPA)

  • Montana – Consumer Data Privacy Act (MCDPA)

  • Nevada - Chapter 603A of the Nevada Revised Statutes on Security and Privacy of Personal Information

  • New Jersey – An Act concerning commercial Internet websites, online services, consumer, and personally identifiable information

  • Oregon – Oregon Consumer Privacy Act (OCPA)

  • Utah - Utah Consumer Privacy Act (UCPA)

  • Tennessee – Tennessee Information Protection Act (TIPA)

  • Texas – Texas Data Privacy and Security Act (TDPSA)

  • Virginia - Virginia Consumer Data Protection Act (CDPA)

Supported International Regulations

  • Angola - Law No. 22/11 on the Protection of Personal Data

  • Algeria – Law No. 18-07 Relating to the Protection of Individuals in the Processing of Personal Data

  • Argentina - Personal Data Protection Act 2002 (PDPA)

  • Armenia – Law of the Republic of Armenia No. 49-ZR on the Protection of Personal Data

  • Australia - Privacy Act of 1988 (Amended 2021)

  • Bahamas - Data Protection Act 2003

  • Botswana - Data Protection Act of 2018

  • Bosnia & Herzegovina - Law on the Protection of Personal Data No. 49/06 (PDPL)

  • Brazil - Lei Geral de Proteção de Dados (LGDP) 2020

  • Benin - Law No. 2009-09 of May 22 Dealing with Protection of Personally Identifiable Information

  • China - Personal Information Protection Law - 2021

  • Canada -

    • Personal Information Protection and Electronic Documents Act of 2000 (PIPEDA)

    • Alberta Personal Information Protection Act

    • British Columbia Personal Information Protection

    • Quebec Act Respecting the Protection of Personal Information in the Private Sector

  • Chile - Law No. 19.628 on the Protection of Private Life 1999

  • Colombia - Statutory Law 1581 or 2012

  • Costa Rica - Law on the Protection of Persons Regarding the Processing of their Personal Data No. 8968 of 2011

  • Dominican Republic - Law No. 172-13

  • EU/EEC - General Data Protection Regulation (GDPR)

  • Egypt - Resolution No. 151 of 2020 approving the Law on the Protection of Personal Data

  • Ecuador – The Organic Law on the Protection of Personal Data

  • Ghana - The Data Protection Act – 2012

  • Guinea – Law No. L/2016/037/AN on Cybersecurity and Personal Data Protection Law

  • Hong Kong - Personal Data (Privacy) Ordinance (Ap. 486) as amended in 2021 (PDPO)

  • India - Personal Data Protection of 2019

  • Indonesia - Personal Data Protection Law (PDPL)

  • Israel - Protection of Privacy Law, 5741-1981 (PPL) and Protection of Privacy Regulations 5777-2017

  • Ivory Coast – Law 2013-450 on the Protection of Personal Data

  • Jamacia – Data Protection Act

  • Japan - The Act on the Protection of Personal Information (APPI) - 2003 amended 2015 and 2020

  • Kazakhstan - On Personal Data and their Protection - 2013

  • Kenya - Data Protection Act (DPA) - 2019; Data Protection Regulations 2021

  • Lebanon - Law No. 81

  • Lesotho - Data Protection Act of 2012

  • Madagascar – Law No. 2014-038 on the Protection of Personal Data

  • Malaysia - Personal Data Protection Act 2010

  • Mali – Law No. 2013/015 on the Protection of Personal Data in the Republic of Mali

  • Mexico - Federal Law on Protection of Personal Data Held by Privacy Parties (FLPPDPP)

  • Moldova - Law of 8 July 2011 No. 133 on Personal Data Protection

  • Morocco - Law No. 09-08 on the protection of individuals with regard to the processing of personal data

  • Nepal – Individual Privacy Act 2075

  • New Zealand - Privacy Act 2020

  • Nicaragua – Law on Personal Data Protection No. 787

  • Nigeria - Nigeria Data Protection Regulation 2019 (NDPR)

  • Panama - Law No. 81 on Personal Data Protection 2019

  • Paraguay – Law No. 1682 Which Regulates Privacy Information

  • Philippines - Data Privacy Act 2012 (Republic Act)

  • Peru - Law No. 29.733 on the Protection of Personal Data 2011

  • Romania - Law no.190/2018

  • Russia - Federal Law of 27 July 3006 No. 152-FZ on Personal Data

  • Senegal - Law No 2008-12 or 25 January 2008 Concerning Personal Data Protection

  • Serbia - Law on Protection of Personal Data 2018

  • Singapore - Personal Data Protection Act 2012 (PDPA)

  • South Africa - Protection of Personal Information Act (POPIA) - 2013

  • Saint Kitts and Nevis - Data Protection Act 2018

  • Saudi Arabia - Personal Data Protection Law of 2021 amended 2023 (PDPL)

  • South Korea - Personal Information Act 2011 as amended in 2020 (PIPA)

  • Switzerland - Federal Act on Data Protection (FDAP) 1992

  • Taiwan - Personal Data Protection Act 2010 (Amended in 2015) ('PDPA)

  • Tajikistan - Law of 3 August 2018 on Protection of Personal Data

  • Thailand - Personal Data Protection Act 2019 ('PDPA')

  • Trinidad & Tobago – Data Protection act of 2011

  • Tunisia - Organic Act No. 2004-63 of 27 July 2004 on the Protection of Personal Data

  • Turkey - Law on Protection of Personal Data No.6698

  • United Kingdom - Data Protection Act 2018

  • Ukraine - Protection of Personal Data

  • Uganda - Data Protection and Privacy Act 2019 and the Data Protection and Privacy Regulation 2021

  • Uzbekistan - About Personal Data – 2019

  • Vietnam – Decree No. 13/2023/ND-CP on the Protection of Personal Data

  • Zambia – The Data Protection Act No. 3 of 2021

  • Zimbabwe - Data Protection Act