Privacy Regulations Compliance

Your guide to GDPR, CCPA, PCI, HIPAA, and more.

Privacy Regulations Compliance Audits and Guidance

With the rapid increase in user data collection and sharing, many international, federal, and local governments have introduced legislation to ensure that personal data is properly handled. While specialized regulations such as HIPAA (for healthcare) and PCI (for payment processing) have been around for years, more comprehensive data protections are only recently being put into place. Notably, the European Parliament adopted The General Data Protection Regulation in 2016 and California has introduced The California Consumer Protection Act in 2020.

Among the new rules covered by GDPR, provisions include:

  • Consent to process private data
  • Pseudonymization of the data
  • Full inventory and records or processing activity and private data
  • A right for an individual to be forgotten
  • Ensuring that privacy policies are explained in clear and understandable language
  • Data protection by design and by default
  • Data breach notification within 72 hours
  • Companies need to appoint a Data Protection Officer (DPO)
  • image

    Is your company GDPR compliant?

    The European Parliament adopted The General Data Protection Regulation (GDPR) in April 2016, replacing an outdated data protection directive from 1995. It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU.

    GDPR has both complex legal and technical implications. Several sanctions can be imposed for violations, ranging from a simple warning to up to $20 million EUR or 4% of the annual worldwide turnover of the preceding financial year.

    Silent Breach can assist in understanding your company's posture with respect to GDPR and guide you in implementing the gaps to meet this new regulation. Silent Breach works with GDPR experts and lawyers across Europe to certify that you will be fully and safely compliant.

    What is CCPA?

    The California Consumer Protection Act (CCPA) is designed to enhance data privacy rights and consumer protections for the citizens of California. Aside from protecting consumer rights, CCPA requires companies to make it easy for consumers to decide how their personal data is being used.

    The purpose of CCPA is three-fold:

  • Establishes the users' right to know whether any of their data is being collected, sold, or disclosed.
  • Companies will need to provide users with the ability to access or delete their data, or simply say no to its sale.
  • Users who exercise these rights will be protected from any discriminatory actions taken against them.
  • How is your company affected?

    CCPA applies to any for-profit business that does business in California and has annual gross revenues over $25 million or possesses data pertaining to at least 50,000 devices, households, or consumers or earns more than half of its annual revenue from selling consumer data.

    Fines range up to $7,500 for each intentional violation and $2,500 for unintentional violation. In the event of a security breach, companies can be fined between $100 and $750 per Californian user, in addition to any other court-ordered damages.

    Silent Breach works with CCPA experts and lawyers to certify that you are fully compliant.


    Silent Breach can assist with:

    Awareness and Communication

    Silent Breach can develop an Information Security Policy so that all employees understand GDPR and understand the proper communication channels to ensure proper data handling.

    In addition, Silent Breach can help develop a culture of privacy within the company to implement data protection by design and by default.

    Audit & Analysis of Personal Data

    Silent Breach can help you analyze and track sensitive data through storage and processing, as well as determine data ownership roles.

    Customer data needs to be retained on servers that are physically located in the EU, even if processed as part of a global product or service.


    Silent Breach can review your current privacy and security procedures and assist in the wording in case of non-compliant language.

    In particular, existing procedures need to include specific provisions to cover all of the data points in the GDPR regulation, or be fully rewritten to fully comply.

    Private Data

    Silent Breach can help develop an IT strategy to implement data protections, backups and a rescue plan to guarantee business continuity in case of a data breach.

    Silent Breach can also help create a comprehensive business continuity program.

    Access Rights & Customer Consent

    Silent Breach can guide in obtaining proper and legally valid consent from your users and customers. We work with our legal partners to guarantee the data is gathered legitimately and is fully compliant with GDPR guidelines.


    Silent Breach can help you implement procedures to handle emergencies and data breaches, and make sure that you are able to communicate efficiently with the outside world within the legally-mandated 72 hour timeframe.


    Silent Breach can carry out a data protection impact assessment, and help you with threat modeling and risk aversion, within the GDPR guidelines and beyond. Silent Breach can also assist in making this assessment part of an overall business continuity program.

    Appoint a Data Protection Officer

    Many firms experience difficulty with creating this new GDPR-mandated role. Silent Breach can help select the best internal resources to act as DPO as well as assist in building a supporting team.