Consulting Program Overview


CSR offers consulting services in Privacy and Data Life Cycle Management (DLCM). They vary in their application, range of coverage provisions, cost and end user applicability. CSR offers these programs to private, public, non-profit and governmental organizations on a global basis.

Our broad range of certifications, experience and deep bench of experts put us in a unique position to deliver a series of consultative services which can be blended to answer the specific needs of the client in a timely, efficient and effective manner.

CSR is fully positioned with a deep roster of qualified experts to provide the assurance necessary in multiple functional and regulatory environments. We maintain full-time employees who hold qualifications in all the recognized specialties of the Privacy environment. These include qualified specialists on the United States, Europe, Canada, Governments in general, Technology, and Management. We also have on staff two individuals qualified to act as formal DPOs under the rules of the GDPR. Our group of highly experienced and competent certified compliance officers and experts continues to grow.

CSR provides companies with the highest caliber of certified, experienced, and qualified individuals capable of meeting the expanding and various need sets associated with the challenges of Privacy and Data Life Cycle Management in an ever tightening and stringent regulatory environment.

CSR is your Privacy Officer, Compliance Department, DPO and external resource.



Our consulting services apply to companies with an annual revenue of over $5 million

Our eight services include:


The General Data Protection Regulation (GDPR), enacted May of 2018, is the farthest reaching set of regulatory requirements affecting all companies on a global basis.. CSR provides GDPR compliance for companies that process, transmit, store, manipulate or destroy European Union citizens’ data or data that originates in the EU. The GDPR requires companies that deal in certain instances with EU data to assign a DPO to oversee GDPR compliance – CSR functions as this role. Additionally, GDPR mandates that companies provide a “reasonable” level of data protection and privacy. CSR defines what “reasonable” means for its clients and puts those measures in place.

EU-U.S. Privacy Shield

The EU-U.S. Privacy Shield certification is utilized by a U.S. company if they are receiving personal information from the EU. Laws in the EU only permit the international transfer of personal information to countries they deem to have “adequate” protection in place for the data, and the United States is not approved as adequate. The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with these data protection laws. The Privacy Shield framework closely matches many of the requirements of the GDPR. CSR facilitates the compliance of companies that enact data transfers and provides certification assistance, all in the scope of the framework under U.S. and European Law. CSR can also provide annual Privacy Shield audits and recertification.

Privacy Contract Review

Any third-party vendor may encounter personally identifiable information, and companies must ensure their contract or agreement with them address all aspects of privacy. CSR establishes services that ensure third-parties’ contracts observe and follow administrative, technical and physical safeguards stated within the GDPR.

Validation & Verification

The CSR service takes on the duty of the data controller to independently validate and verify that each data processor or third party that the data controller uses or to whom the data controller transmits information is in fact treating this material in a correct manner that is based on the stated policies and practices of the data controller. CSR’s services validate and verify that protected information is being treated in the correct manner by third parties.

Stand-in Privacy Officer

Many companies with an annual revenue of between five and five hundred million dollars need a full time Privacy Officer, but do not have the resources to afford or the understanding of how to manage or task a full time Privacy Officer. The SIPO program does just that. CSR assigns one of our in-house certified privacy experts to lead the company through the challenges of all privacy rules and regulations. They act as an ombudsman or point of contact who can lead an assigned individual or a company through the challenges of compliance with all relevant regulatory and compliance requirements.

Privacy Impact Assessment

Privacy Impact Assessments (PIA) are used in three distinct environments, and CSR works with companies to identify and develop their own PIAs. First is to analyze and assess privacy compliance risk. The second is to assess if a new procedure, policy or practice of an organization is consistent with the stated and practiced privacy policy and position of the enterprise. The third is to incorporate the practices of Privacy by Design into the fabric of the enterprise.

Annual Audits

Various ongoing programs such as the EU-US Privacy Shield require annual formal data security audits. CSR is qualified to provide these audits. In addition, formal audits of enterprise divisions or subsidiaries are often required or recommended and, again, CSR can and does perform these formal assessments.

Formal Embedded Teams

For companies with at least five hundred million dollars in annual revenue, we provide teams of qualified, certified Privacy experts to become the embedded Privacy department. These engagements are built on an intimate knowledge of the specific requirements and needs of each enterprise client and are established as multiyear relationships. In these relationships our goal is to develop an internal team of the client’s employees who are qualified and experienced to carry on these functions with CSR over a period of three to five years becoming the trusted external adviser and resource.

Contact the data

Privacy Experts at CSR

I understand CSR will use this information for the purpose of responding to my query or request. I have reviewed their Privacy Policy. I understand I can withdraw consent or make a Data Access Request at any time.