A worldwide provider of global business technology solutions sought our assistance in preparing to meet the requirements of the EU General Data Protection Regulation (GDPR). In order to assist the client in meeting its objectives, the Tueoris team first conducted an assessment of a “sample group” of high-risk business processes against GDRP requirements in order to identify existing gaps. A highly detailed remediation roadmap was then designed to enable the client to undertake and successfully execute remediation activities in order to gain GDPR compliance. The roadmap focused on narrowly defined activities assigned to functional owners and provided recommended resourcing models, estimated timelines and dependencies. Finally, the Tueoris team led several threads of the remediation activities and actively supported the client in executing others, resulting in a GDPR compliance program that will meet customer and regulator expectations.

Through our experience with this client we learned that in large, global businesses with widely distributed operations, it is not unusual to find an environment in which ad hoc approaches to meeting complex business and regulatory requirements are commonplace. In order to effectively change that culture and gain consistent adoption of desired and required behaviors, well-designed procedural controls were essential, supported by meticulous implementation, including training that was concise and caused minimal interference with employees’ already busy workload, accompanied by ongoing communications to maintain awareness and adoption.

The Tueoris team applies their decades of experience to effecting change within complex organizations, recognizing that different business functions have widely varying needs driving the use of data. Our tested methodologies enable the development and implementation of procedural structures, supported by effective governance, that gain sustained adoption of enhanced data protection programs.

Tueoris assisted a global air carrier in conducting an assessment of its readiness to meet the requirements of the EU General Data Protection Regulation (GDPR), and designing a highly detailed remediation plan. The engagement focused on enabling GDPR compliance through targeted interaction with Information Technology and Legal functions, using GDPR as a launching pad to implement greater data security controls across the organization. The project team applied strategically integrated regulatory and security requirements at the enterprise level and to specific information systems in order to deliver meaningful project outcomes that met regulatory objectives and significantly enhanced safeguards for critical business data.

Our experience with the airline taught the Tueoris team that privacy and security initiatives – and GDPR readiness in particular – require that business function silos must be broken down to achieve meaningful results. Large-scale privacy and security projects require collaborative efforts across key functions such as Legal, Compliance, IT, IT Security and Procurement in order to enable the design and implementation of effective governance and technical solutions that have impact across the enterprise and at the application and system levels.

Tueoris teams are comprised of deeply experienced data security professionals, formerly practicing attorneys, and data privacy consultants with decades of experience. We are uniquely equipped to speak the language of our clients’ professionals and and get them communicating across functions to gain outcomes that have positive impact across the organization.