A principles-based approach to operationalizing your compliance program to a fluid data-privacy regulatory landscape.

Many countries and an increasing number of US states have passed comprehensive privacy legislation. BRG works with clients to achieve compliance with these international privacy regulations, which include the European Union’s General Data Protection Regulation (GDPR), Brazil’s General Data Protection Law (LGPD), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and Korea’s Personal Information Protection Act; the US Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), and Federal Trade Commission Act (FTCA); state privacy laws, including the California Consumer Privacy Act (CCPA) and Nevada’s Senate Bill 220; and state data-breach notification and data-disposal laws.

Combining our data-privacy principles-based approach and our data-privacy model, we deliver compliant, sustainable privacy programs that not only achieve compliance with GDPR and CCPA but are scalable and flexible enough to grow with your business and keep up with this dynamic area of law. Depending on the needs of your business, BRG can provide advice and support or can serve as your outsourced privacy officer or EU data protection officer, building your program from the ground up and providing ongoing services to fulfill data-subject requests, respond to potential data breaches, and otherwise manage the day-to-day requirements of maintaining compliance.

BRG prides itself on providing intelligence that works. We begin by rolling up our sleeves and mapping your systems and processes that involve personal data, and we work from there to create a right-sized, effective program for your business. Our simple, self-correcting, and sustainable “Discover-Build-Communicate-Evaluate” model can be tailored to your specific business environment.

Discover

  • Gap assessment
  • Data and application mapping
  • Business process map
  • Multidirectional data flows
  • Identify proper program structure

Build

  • Program model
  • Register of processes
  • Data-subject request fulfillment strategy
  • Manual or application-based tools
  • Data-disposition model
  • Contract terms

Communicate

  • Policies and procedures
  • Consent and notices
  • Training and awareness
  • Risk and mitigation reporting

Evaluate

  • Metrics to establish monitoring
  • Audit data-subject access request fulfillment

 

Related Services

Biometric Information Privacy Act
Class Action Litigation
Data Analytics
Discovery & Forensic Technology
Global Investigations + Strategic Intelligence
TCPA & Telecommunications Class Actions

Related Industries

Financial Services
Government Contracts
Healthcare
Retail & Consumer Goods
Telecom, Media & Technology (TMT)

Professionals

Related Contacts

Amy Worley

Managing Director & Associate General Counsel

Washington, DC

Robert Hichens

Managing Director

Houston

Michael Bandemer

Managing Director

David Kalat

Director

Chicago

Ignatius Grande

Director

New York

Explore Related Insights

Brochure

DPO as a Service Let's YOU DO YOU

Brochure

Let Your Data Do Its Best Work

Brochure

Comply with US State Data Privacy Regulations

Publication

Legaltech News: Nervous System

June 2022

Event

The Sedona Conference Working Group 11 Annual Meeting 2022

April 27, 2022

Event

eDiscovery in 2022: Preserving, Collecting, Reviewing, and Producing New Data Sources

April 27, 2022

Multimedia

GAT Podcast: Dreaming of a Data Privacy Resource

April 5, 2022

Event

Emerging Practice Areas: Artificial Intelligence and Machine Learning, Cybersecurity/Data Privacy, Information Governance/eDiscovery, and Cryptocurrency

March 24, 2022

Publication

Reintroduction to FCRA

March 21, 2022
Explore All Insights

Our industry knowledge is broad and deep.

BRG combines intellectual rigor with practical, real-world experience. We have an in-depth understanding of industries and markets, with expertise spanning the major sectors of the global economy. Following are some of the many sectors that we know inside and out.