FTSE 100 Company prepares for new privacy law – EU GDPR

Background

A global business with 2000+ users aims to become fully compliant with Global Data Protection Regulation (EU GDPR) by May 2018. REMORA was contracted to define and implement the steps to make the Client’s company compliant with EU GDPR by addressing the requirements of EU GDPR across the Client’s global offices.

REMORA: Services performed

The challenge: distributed data storage facilities, both on premises and in the cloud; extensive use of stored data in company’s operational activities; use of various platforms and cloud-based analytical tools.

REMORA designed a phased EU GDPR Readiness Project with company-specific goals, execution plan and deliverables addressing scope, regulation, discovery, implementation and governance.

Elapsed Time: 5 months

Observations and Approach

The high level of awareness by personnel of the potential issues associated with the new regulation assisted greatly in establishing a set of actions required to make the Client’s company fully compliant.  The compliance systems already in place were up-to date but did not reflect the challenges of EU GDPR. REMORA focussed on 3 key areas crucial for business continuity under EU GDPR:

  1. Governance and compliance: develop a global data classification and storage policy that will both ensure privacy of the data stored and protect the individual’s rights to data privacy.
  2. Enforcement: ensure the Client’s company can monitor and track all data movements and prevent sensitive data leaks beyond the perimeter of the organisation.
  3. Seeking consent: the nature of the business is that data is a key asset in which case a key challenge is to seek, obtain and record consent to process personal data.

The project was run in close cooperation with all 10 of the Client’s functional departments.

Deliverables and Conclusions

A comprehensive set of documentation.

A coherent data management process that is in line with current best practices, including ISO and NIST-approved processes and procedures for:

  • Data Classification Policy
  • Standard Operating Policies and Procedures
  • Revised software and infrastructure requirements for EU GDPR compliance.

On completion REMORA delivered staged training to the firm’s personnel to ensure every employee fully understands and adheres to the new data collection and retention policies and procedures and is aware of the consequences of non-compliance with the policies and regulations that arise under EU GDPR.

The Outcome

  • Appropriate controls are in place to manage data infrastructure and fully prepare the company for EU GDPR;
  • A revision of the firm’s Policies & Procedures with Operations, Legal, Compliance and HR;
  • Personnel are trained on new policies and regulations.

The Client is happy with the results of the EU GDPR readiness project.