Generally Accepted Privacy Principles (GAPP)

What is GAPP?

Generally Accepted Privacy Principles (GAPP) is a privacy framework developed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). It is intended to help Chartered Accountants (CAs) and Certified Public Accountants (CPAs) guide organizations in building an effective privacy program for identifying, managing, and reducing privacy risk.

What are the GAPP Principles?

  • Management: The entity defines, documents, communicates, and assigns accountability for its privacy policies and procedures.
  • Notice: The entity provides notice about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.
  • Choice and consent: The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, and disclosure of personal information.
  • Collection: The entity collects personal information only for the purposes identified in the notice.
  • Use, retention, and disposal: The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information for only as long as necessary to fulfill the stated purposes or as required by law or regulations and thereafter appropriately disposes of such information.
  • Access: The entity provides individuals with access to their personal information for review and update.
  • Disclosure to third parties: The entity discloses personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.
  • Security for privacy: The entity protects personal information against unauthorized access (both physical and logical).
  • Quality: The entity maintains accurate, complete, and relevant personal information for the purposes identified in the notice.
  • Monitoring and enforcement: The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.

How can your organization apply GAPP?

  • Design your privacy program
  • Implement your privacy program
  • Manage the program
  • Audit the program to improve and ensure compliance

About the Author: Jenny Jo

Jenny Jo is the president and co-founder of MJJT Consultants. Ms. Jo is a Software Engineer, a Cyber Security Auditor, and an IT Project Manager. She is also a Certified Information Security Manager (CISM), which certifies her to audit information systems as well as to design, build, and manage businesses' information security programs.