Expert in Internal Audit & Assurance

Providing expert internal audit and assurance services on an interim or contract basis to meet your needs by a fully qualified, experienced and skilled Chief Audit Executive in Financial Services (asset management) and energy, construction and industrial businesses.

Leader in Risk Management

Leading the way in developing a deeper understanding of operational risks to ensure a focus on priority risks and their alignment with the company’s strategic direction and company objectives.

Compliance Specialist

Specializing in drawing value from compliance management programs through improvement in efficiency, effectiveness and innovation and aligning compliance management programs across business functions.

About

Integrity, honesty and humility along with independence and an objective state of mind are the foundational values supporting my services that result in highly professional services, delivered with quality and timeliness.

Companies Unprepared for Strict CCPA/CPRA (Enforcement Beginning January 1, 2023) and GDPR with fines reaching into the multi-millions

By Peter McConnell | January 26, 2023 | Compliance

Research by CYTRIO, a SaaS data privacy compliance management platform, found that at the end of Q3 2022, 92% of 9827 companies surveyed that must comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) are not prepared to meet the acts’ privacy rights compliance requirements enforceable on January 1, 2023. Under the threat of major non-compliance penalties, 52% stated they need to comply with CCPA but do not provide a mechanism for consumers to exercise their data privacy rights, while 39% of these companies are using expensive, inefficient and error-prone manual processes. Only 8.2% are using a Data Subject Access Request (DSAR) management automation solution. The first enforcement action under CCPA included Sephora being fined $1.2 million (August 2022) for selling consumers’ personal information to online tracking companies without their consent and not honoring requests to opt out of sales made through user-configured privacy measures.

CYTRIO’s research also found that at the end of Q3 2022 nearly 91% of companies that must comply with GDPR are not prepared to meet the GDPR privacy rights compliance requirements when managing DSARs. The majority of companies are using expensive, inefficient and error-prone manual systems with only 8.8% using a DSAR management automation solution. GDPR continues to be actively enforced with fines totaling in excess of $2.4 billion as of September 2022 and the total number of fines reaching 1,304.

Source: https://cytrio.com/4th-state-ccpa-gdpr-compliance/

This research highlights an inherent problem in many compliance departments from the growth of ad-hoc practices supported by manual systems that are unreliable and prone to error. In a recent blog on this topic, I discuss how adopting practices from assurance groups like internal audit and the use of automated technology (Compliance Management System) can improve the reliability and security of the collection, recording, reporting and access to data for security and privacy needs and provide auditability for compliance assurance.
