Assisted a global air carrier in conducting an assessment of its readiness to meet the requirements of the EU General Data Protection Regulation (GDPR). The engagement focused on enabling GDPR compliance through targeted interaction with Information Technology and Legal functions, using GDPR as a launching pad to implement greater data security controls across the organization. The project team applied strategically integrated regulatory and security requirements to business processes and information systems in order to deliver successful project outcomes.
Prepared global biotech company for Privacy Shield certification. Activities included creating data maps depicting the flow of personal information through its life cycle across multiple high-risk processes in order to ascertain the existence of or need for Privacy Shield-related controls. Additional activities included remediating identified gaps in Privacy Shield requirements, supporting the updating of third party contracts (post-certification) to meet Privacy Shield obligations, and assisting in the creation of an annual self-certification plan.
Global Technology Service Provider
Assisted a global business technology service provider in preparing to meet the requirements of the EU General Data Protection Regulation (GDPR). The engagement team first conducted an assessment of identified high-risk business processes against GDRP requirements in order to identify existing gaps. A highly detailed remediation roadmap was then designed to enable the client to undertake and successfully execute remediation activities in order to gain GDPR compliance. The roadmap focused on narrowly defined activities assigned to functional owners and provided recommended resourcing models, estimated timelines and dependencies.