Keep up with consumer privacy compliance

The internet has made information more accessible, vulnerable, and subject to abuse. With data breaches on the rise, many new personal data protection regulations have been enacted.

The European Union’s (EU) General Data Protection Regulation (GDPR) is the first and most well-known of these. Now several new or bolstered US laws have gone into effect to protect the privacy of US citizens.

Sword & Shield’s compliance expertise spans international, industry, and state laws. Our security consultants apply cross-industry experience and knowledge to take a comprehensive and consistent approach to compliance, taking this burden off you. We offer GDPR and consumer data protection compliance consulting in the following areas:


GDPR is intended to give people living in European Union (EU) countries more control over their personal data and protect that information from risk. This applies to any organization that conducts business in the EU.

The GDPR is a complicated framework and represents the most sweeping change in data privacy regulation in decades. Many U.S. companies are struggling to meet its requirements.

Sword & Shield leverages our decades of experience in data and information security compliance to identify the gaps between GDPR requirements and your current security posture.

Learn more about our GDPR assessment service.

Consumer Data Protection State Laws

GDPR has opened a floodgate of pent-up consumer privacy concerns. In the absence of a federal standard, states are taking on the challenge of personal data protection themselves.

New legislation contains specific requirements for user-accepted privacy policies, acceptable use, acknowledgement of liability, and restrictions on use of privacy policy language.

Sword & Shield’s deep compliance knowledge empowers us to help you.

Our consultants take the stress of compliance off you. We assess your consumer data protection state law compliance status and provide a detailed remediation roadmap to help get you where you need to be.

We also take federal compliance frameworks such as NIST, HIPAA, PCI and more into consideration. We map federal mandates to state requirements to reveal where you’re already compliant and where you’re not.

Request a consultation to get started.


As a response to the ever-growing threat posed to information and financial systems, the NY Department of Financial Services (NYDFS) has issued the NYDFS Cybersecurity Regulation (23 NYCRR 500). This set of laws places cybersecurity requirements on all covered financial institutions.

The requirement aims to protect DFS regulated entities as well as New York consumers whose private information may be revealed and/or stolen.

Sword & Shield’s security experts help you to identify your risks and vulnerabilities, develop a remediation plan, and continue to work with you to maintain or improve your 23 NYCRR 500 compliance.

Learn more about our NYDFS compliance service.
