Data Privacy Group

Cyber Security, Privacy, Compliance, Training, Staffing, and Internal Auditing

GDPR - The General Data Protection Regulation

The GDPR sets out a standerdised version of rules and regulations to protect individuals in the EU and EEC to protect the use of their Personal Identifying Information.  The GDPR has substantial penalties and remedies to ensure that companies meet compliance if they want to do business in or with anyone in the EU.

ENISA - EU Cyber Security Act of 2019

ENISA is the EU Agency for Cybersecurity and was formed to establish and enforce a high common level of cybersecurity across the Member States of the EU and the Private Sector.  The vast majority of IoT and DevOps will be adopting the standardized models for cybersecurity in the future in the Privacy by Design Model.


The Health Insurance Portability and Accountability Act is the most well-known compliance model in the US.  All health care professionals, institutions, and insurance companies are required to know the responsibilities and comply with the Act or face the consequences.


The  Payment Card Industry Data Security Standard is a credit card industry standard for protecting the Personal Identifying Information as well as banking and payment information of credit card users.  All companies handling credit cards are required to comply with PCI-DSS.

SOX - Sarbanes-Oxley Act

SOX mainly deals with the retention of corporate records and is required for US-based company boards, management personnel, and accounting firms to prevent fraud.

PIPEDA - Personal Information Protection and Electronic Documents Act

PIPEDA is the Canadian Law governing how private sector organizations collect, use and disclose Personally Identifiable Information.  PIPEDA covers both commercial and medical use of PII and covers all commercial use of an individuals data.

FISMA - Federal Information Security Management Act of 2002

FISMA requires that Federal Agencies develop a method of cybersecurity to protect their information systems as a matter of National Security.

NIST Framework

The National Institute of Standards and Technology has developed a voluntary framework of standards, guidelines and best practices.  The NIST standards are meant to be flexible and cost-effective to help protect infrastructure, the economy, and national security

ISO 27000/27001

The Internation Standards Organization ISO 27000/27001 certification is the gold standard that your infrastructure has implemented best use cybersecurity policies, equipment, vendor sourcing, and that your IT infrastructure works with other management system standards.

GPG13 - Good Practice Guide 13

The GPG13 is the UK best practice guide for business processes and recommended for all businesses, but mandated for all companies managing "high-impact" data in the UK.

For more information please fill out the form below or call us at          (888) 460-4377