Our Services
Virtual Data Protection Officer Service
A DPO is an enterprise security leadership role responsible for overseeing data protection strategy and implementation to ensure compliance with relevant regulatory requirements (GDPR, CCPA, etc.). The DPO's role may include:
Informing and advising the company and employees of their data protection obligations and other important compliance requirements
Monitoring compliance and impact, including directing audits and addressing issues
Raising awareness in and training staff involved in data processing
Providing advice where requested as regards the data protection impact assessments (DPIAs) and monitoring compliance and performance
Serving as the primary contact between the company and relevant Supervisory Authorities
To be effective, a DPO needs not only "expert knowledge of data protection law and practices," but also to possess:
Broad and deep information privacy, compliance and data processing skill sets across industries
Ability to remain current on changes in data protection regulation
A complete understanding of IT infrastructures, technologies, and technical and organizational structures in your industry
Insights into industry-leading data protection practices
Excellent management skills and the ability to interface easily with internal staff at all levels
With 1bigthink’s DPO service, organizations gain the capacity and abilities of a DPO who offers all of the above – at a fraction of the cost while maintaining independence requirements.
Advisory Services
Strategic Advisory
The world has changed, and privacy is here to stay. Regulations around the world are in constant flux. New regulations and judgements are developing on a daily basis. Organizations, feeling pressure from their stakeholders to take privacy seriously, are forced to embrace concepts like privacy by design, transparency, purpose limitation, data minimization, and data subject rights.
Many organizations are realizing that they do not have, or cannot maintain, the experience and expertise on their staff that is needed to address these issues.
Assessments
We have heard many stories from clients who hired a firm for an assessment and went through the process, but at the end of the day all they had was a list of things they were doing badly, with no idea of how to fix the problems.
We take a very different approach. Our results are focused on what we call: actionable recommendations. In short, we show you the current state as well as the desired end state. We then show you how to get from one to the other with actionable recommendations.
Many of these recommendations the client can implement on their own. Some you will want our help to complete. We will provide you the roadmap by prioritizing which need to be addressed right away and which can wait.
Program Design
The key to a sustainable program starts with understanding the acceptable risk and available resources of the organization. These two inputs, when coupled with the assessment, allow our experts to build a program to close the critical gaps while maintaining the desired level of risk. Then long-term sustainment is just the execution and adaptation of the program.
The Solution:
The solution, in this dynamic environment, is to take a risk-based approach guided by an experienced executive with:
Broad and deep cybersecurity and privacy skill sets across industries
An ability to remain current on the threat environment
Insights into industry-leading practices
Knowledge of the processes and technologies to mitigate risk
An understanding of the quickly evolving regulatory environment
Access to world class security as well as privacy advice and leadership
Experience in developing and executing cybersecurity and privacy strategies
Select Regulations and Frameworks
Angola - Law No. 22/11 on the Protection of Personal Data
Argentina - Personal Data Protection Act 2002 (PDPA)
Australia - Privacy Act of 1988 (Amended 2021)
Bahamas - Data Protection Act 2003
Botswana - Data Protection Act of 2018
Bosnia & Herzegovina - Law on the Protection of Personal Data No. 49/06 (PDPL)
Brazil - Lei Geral de Proteção de Dados (LGPD) 2020
Benin - Law No. 2009-09 of May 22 Dealing with Protection of Personally Identifiable Information
China - Personal Information Protection Law - 2021
Canada -
Personal Information Protection and Electronic Documents Act of 2000 (PIPEDA)
Alberta Personal Information Protection Act
British Columbia Personal Information Protection
Quebec Act Respecting the Protection of Personal Information in the Private Sector
Chile - Law No. 19.628 on the Protection of Private Life 1999
Colombia - Statutory Law 1581 of 2012
Costa Rica - Law on the Protection of Persons Regarding the Processing of their Personal Data No. 8968 of 2011
Dominican Republic - Law No. 172-13
EU/EEC - General Data Protection Regulation (GDPR)
Egypt - Resolution No. 151 of 2020 approving the Law on the Protection of Personal Data
Ghana - The Data Protection Act - 2012
Hong Kong - Personal Data (Privacy) Ordinance (Cap. 486) as amended in 2021 (PDPO)
India - Personal Data Protection of 2019
Indonesia - Personal Data Protection Law (PDPL)
Israel - Protection of Privacy Law, 5741-1981 (PPL) and Protection of Privacy Regulations 5777-2017
Japan - The Act on the Protection of Personal Information (APPI) - 2003 amended 2015 and 2020
Kazakhstan - On Personal Data and their Protection - 2013
Kenya - Data Protection Act (DPA) - 2019; Data Protection Regulations 2021
Lebanon - Law No. 81
Lesotho - Data Protection Act of 2012
Malaysia - Personal Data Protection Act 2010
Mexico - Federal Law on Protection of Personal Data Held by Private Parties (FLPPDPP)
Moldova - Law of 8 July 2011 No. 133 on Personal Data Protection
Morocco - Law No. 09-08 on the protection of individuals with regard to the processing of personal data
New Zealand - Privacy Act 2020
Nigeria - Nigeria Data Protection Regulation 2019 (NDPR)
Panama - Law No. 81 on Personal Data Protection 2019
Philippines - Data Privacy Act 2012 (Republic Act)
Peru - Law No. 29.733 on the Protection of Personal Data 2011
Senegal - Law No 2008-12 of 25 January 2008 Concerning Personal Data Protection
Serbia - Law on Protection of Personal Data 2018
Singapore - Personal Data Protection Act 2012 (PDPA)
South Africa - Protection of Personal Information Act (POPIA) - 2013
Saint Kitts and Nevis - Data Protection Act 2018
Switzerland - Federal Act on Data Protection (FADP) 1992
Romania - Law no.190/2018
Russia - Federal Law of 27 July 2006 No. 152-FZ on Personal Data
Saudi Arabia - Personal Data Protection Law of 2021 amended 2023 (PDPL)
South Korea - Personal Information Act 2011 as amended in 2020 (PIPA)
Taiwan - Personal Data Protection Act 2010 (Amended in 2015) ('PDPA')
Tajikistan - Law of 3 August 2018 on Protection of Personal Data
Thailand - Personal Data Protection Act 2019 ('PDPA')
Tunisia - Organic Act No. 2004-63 of 27 July 2004 on the Protection of Personal Data
Turkey - Law on Protection of Personal Data No.6698
United Kingdom - Data Protection Act 2018
United States -
California - California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA)
Colorado - Colorado Privacy Act (CPA)
Connecticut - Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA)
Iowa - An Act relating to consumer data protection (ICDPA)
Nevada - Chapter 603A of the Nevada Revised Statutes on Security and Privacy of Personal Information
Utah - Utah Consumer Privacy Act (UCPA)
Virginia - Virginia Consumer Data Protection Act (CDPA)
Ukraine - Protection of Personal Data
Uganda - Data Protection and Privacy Act 2019 and the Data Protection and Privacy Regulation 2021
Uzbekistan - About Personal Data - 2019
Zimbabwe - Data Protection Act