BARR Privacy Assessments

BARR Privacy Assessments is a consulting service that helps organizations achieve compliance with privacy regulations including GDPR, CCPA, GLBA, and Microsoft Data Protection Requirements (DPR). The service provides guidance for businesses in regulated industries to design, implement, and maintain privacy programs. For GDPR compliance, the service assists with building personal data inventories, data flow mapping, records of processing activities, and implementing privacy controls. The CCPA service focuses on assessing privacy posture and designing processes for data access, deletion, and opt-out requests. The GLBA service addresses Privacy Rule and Safeguards Rule requirements for financial institutions through risk assessments, policy development, vendor management reviews, and ongoing monitoring. For Microsoft DPR, the service supports Microsoft suppliers enrolled in the Supplier Security and Privacy Assurance (SSPA) program. The process includes a two-phase approach: Phase I conducts a readiness assessment to identify gaps against Microsoft DPR requirements, and Phase II performs an independent assessment for submission to Microsoft. The service maps controls across multiple privacy frameworks including ISO 27701, NIST Privacy Framework, and AICPA trust services criteria. Assessment timelines vary based on organization size, complexity, and existing security posture, with typical engagements taking four to five months for organizations without existing SOC 2 reports.