More than ever, there’s growing appreciation of data as an asset to be protected, not to mention it’s the law anyway, and for companies to transform the way they share, collect, and utilize data.

Our Approach


Data Privacy is a top priority for most organizations. Key factors that have thrust Data Privacy to the forefront have included the rapid growth of the regulatory environment globally, starting with GDPR, and heightened awareness by individuals in protecting and limiting the sharing of their own personal data.


Having an effective Data Privacy program is no small challenge. It requires the right combination of governance, policy, technology and supporting procures, and needs dedicated focus from numerous corporate functions acting as the second line of defense. Many companies have been hard at work over the past few years designing, implementing and honing their programs. The ever-changing landscape of laws and guidance ensures that Data Privacy program development is not a one and done exercise


Culture & Processes


Breaches make the news. But it is poor practice that lands organizations in hot water. This highlights is the importance that regulators have placed on culture and processes of data protection overall and not just with a focus on mitigating a data breach. In many cases, GDPR legislation has armed companies with helpful tools to protect themselves and their customers against data exploitation. However, Data Privacy is not an area where companies can do the work once, put it in a drawer and forget about it. Rather businesses need to keep on top of changes and guidance and act to reduce the risk of fines, given the regulators’ evolving areas of focus.


Ensuring Data Privacy remains front-of-mind for all staff is vital. And hard. Driving the cultural and behavioral shift needed is not easy—our Privacy Assessment helps close the gaps.

Morae’s Privacy Assessment

So, with all our efforts and investment, how are we doing? And how does this stack up to others?

These are questions that many privacy professionals and their stakeholders are asking. To help companies gain insights into these questions and others, we offer a Privacy Assessment. The assessment explores key areas as identified in the following statements:

  • We have a clear and complete view of data we hold
  • We have a consent to control and protect data
  • We have a clear e2e view of how we process data
  • We have a clear view of where data sits within systems
  • We have effective controls over data access and retention
  • We have effective controls for system security and resilience
  • We have a robust mechanism for subject data rights
  • We have established clear data accountability and governance
  • We have a robust data privacy risk framework
  • We have a robust change methodology that considers data and data impacts
  • We operate a process of continuous improvement in regard to data privacy
  • We have robust management of third-party processing