Privacy Operations. Turn privacy obligations into a working process.
Privacy law promises people rights over their data, and every one of those rights lands as a task on someone's desk. We run the operations behind privacy: the requests, the records, the assessments, so compliance is a process that works, not a promise you scramble to keep.
A privacy policy on your website is the easy part. The hard part is what happens when a person asks for their data, or to be forgotten, and you have a legal deadline to comply. Privacy is won or lost in the operations, not the policy.
Privacy Operations is the machinery that makes privacy compliance real: handling data subject requests within the legal window, keeping records of processing current, running impact assessments before risky projects launch, and managing consent. We provide the process and the expertise, including a Virtual Data Protection Officer where you need one, so your obligations are met as routine rather than emergency.
From request to response, on the clock
When someone exercises their rights, the law sets a deadline. We run the process that meets it every time, without a fire drill.
Receive
The request comes in through a clear, logged intake channel.
Verify
Confirm the requester's identity before any data is touched.
Find
Locate the person's data across every system, including the copies.
Act
Access, correct, or delete as the request and the law require.
Respond
Reply within the deadline, with a record kept as proof.
A quarter of requests, on the record
This is what operational privacy looks like: every request on a clock, every clock visible, and the only acceptable missed-deadline count.
The full privacy operation
Beyond requests, privacy is an ongoing program of records, assessments, and consent. We run all of it.
Data subject requests
Access, deletion, correction, and portability handled within the legal window, end to end.
GDPR · CCPA
Records of processing
A living record of what data you hold, why, and on what legal basis, kept current.
RoPA
Impact assessments
DPIAs run before risky processing launches, so privacy is designed in, not bolted on.
DPIA
Consent management
Consent captured, recorded, and honored across your channels and systems.
Consent
Vendor & transfer review
Processor agreements and cross-border transfers reviewed and kept compliant.
DPA · SCC
Virtual DPO
A named Data Protection Officer on call, where the role is required or useful.
vDPO
Where privacy ops sits in VIGILE
Implement the process, Enhance the program
Privacy Operations is the Implement and Enhance motions for your privacy obligations. We run the requests and records day to day, then mature the program as regulations and your business change.
See Data Security Posture ›
Top 10 questions, frequently asked
Under GDPR, some organizations are required to appoint one, and many others benefit from the role even when it is not mandatory. We provide a Virtual DPO: a named, qualified person who fulfills the function on call, so you get the expertise and accountability without hiring a full-time role you may not need.
Quickly, when the data is mapped. This is where Privacy Operations and Data Security Posture Management connect: a current map of where personal data lives makes a data subject request answerable within the deadline rather than a frantic search. Where no map exists, we build the discovery process alongside the request handling.
We work across the major privacy regimes including GDPR, the UK GDPR, and CCPA, and we keep pace as new state and national laws arrive. The operations are designed to handle multiple frameworks at once, since most organizations now answer to more than one.
We run it. Advice is part of it, but the value is in operating the process: handling the requests, maintaining the records, conducting the assessments, and meeting the deadlines. You can lean on us for the whole operation or for the parts your team cannot cover.
Well inside the statutory windows: requests are acknowledged on receipt, located through data discovery, and fulfilled with a documented trail. The clock never runs close to the deadline.
Request handling end to end, records of processing kept current, privacy reviews for new projects, breach notification readiness, and a quarterly privacy posture report.
AI use cases get privacy review before launch: what data trains or prompts the system, the lawful basis, and the retention story. This connects directly to the AI Governance inventory.
Yes, and it is the normal mode: counsel owns legal interpretation, and we run the operational machinery that makes their advice real in systems and process.
By request volume and regulatory scope, as a managed retainer after a fixed-scope privacy posture assessment.
Identify maps the data, Guard sets the handling rules, Implement runs requests and reviews, and Enhance reports the posture to leadership.
Make privacy a process, not a panic
Book a session with a Principal Engineer. We review your privacy obligations and show you where the operations need to be.