Safe Harbor Framework - Comprehensive Certification Process

Riskpro’s US-EU Safe Harbor Privacy Assessment follows a comprehensive review of the organisation’s privacy policy, procedures and compliance requirements. We ensure that the company is compliant with the 7 principles required by the US Department of Commerce, along with the additional requirements outlined in the FAQs.
Data Collection Procedures – Riskpro reviews the data privacy practices for the website along with the public disclosure of the privacy policy. We understand what information you collect, how it is used, to whom it is transferred in the course of normal business, and many more checks.

At the end of the engagement, we provide a comprehensive gap analysis report along with recommendations to address the gaps. We also help companies get self-certified by developing their policies and procedures.

As per the DMA.org website, your policy should address the following.

Data Analysis

Analyze data intake flows, data uses, and transfers to third parties

Notice to Customers

  • Determine to whom, and when, notices must be given;
  • Assure notices are drafted accurately and are given at all appropriate times and places; and
  • Determine manner in which notice is made publicly available

Opt-out/Opt-in

Provide consumers with the opportunity to opt out or opt in depending on the nature of the data. Set up appropriate procedures to respect consumers’ opt-out/opt-in requests, particularly with respect to consumers’ requests not to be approached for direct marketing (i.e., in-house suppression system). Opting out should not require consumers to incur any fee or expense beyond a first-class stamp or phone call.

Onward Transfer

Determine the need for contracts with respect to the transfer of information to third parties

Access

Set up procedures to allow customers the ability to access their personal information and the ability to correct it where it is inaccurate

Security

Set up procedures to ensure that customers’ personal information is protected and secure

Data Integrity

Set up procedures to ensure that the customer’s personal information is reliable, accurate, complete, current and used for its intended purposes

Enforcement

  • Refer consumers to your customer service department or other in-house dispute handling program to address their data privacy complaints; and
  • Utilize the DMA Safe Harbor Program as the required independent third-party dispute resolution mechanism to address any unresolved in-house consumer data privacy complaints.

Assessment

Establish an annual compliance review process by adhering to either:

  • An internal self-assessment compliance review – you need to develop procedures for periodic objective reviews of compliance with your privacy policy and complaint handling; or
  • An outside third-party assessment review/audit

Training

  • Assure all personnel receive general training in your safe harbor privacy policy. More extensive training should be provided to personnel who have access to or deal with the data; and
  • Modify employee/personnel policies to provide for training and discipline for failure to follow your policy

More Info: Manoj Jain: 9833767114, manoj.jain@riskpro.in
