GDPR Compliance Case Study
Assist a major North American company (the client) based in with General Data Protection Regulation (GDPR) compliance. Specifically, get the client GDPR compliant and help maintain annual compliance initiatives.
The client specializes in operating dozens of entertainment venues throughout the United States, which together see annual attendance of approximately 4.5 million patrons from various European Union (EU) nations.
Challenges & Needs
Our client had very little understanding of the GDPR – a massive piece of legislation affecting millions of businesses throughout the EU and other regions around the world. What’s worse, senior management and directors had completely different interpretations of what initiatives had to be undertaken for compliance, creating further confusion within their organization. Additional challenges included the following:
- No GDPR Experience and No Culture of Compliance: Having never been exposed to the GDPR, the client was woefully unprepared, overwhelmed, and understaffed. They had no real strategy on where to begin, what initiatives to undertake, and whom to turn to. They needed help, and fast.
- Completely Missing GDPR Documentation: The client had hardly any information security, operational, and privacy policies and procedures in place. Even worse, because the GDPR is rather vague in terms of what specific documents should be in place, the client was unclear as to where to begin in even deciding what policies and procedures needed to be developed.
- Weak GDPR Internal Controls: The client quickly realized they lacked many of the formalized processes and procedures necessary for the GDPR. Very little oversight and accountability was in place when it came to critical controls surrounding data security, privacy, and protection.
- Inadequate Security Tools: Per Article 32 of the GDPR, controllers and processors are to “…implement appropriate technical and organizational measures…”. This ultimately requires implementing various security tools and solutions, none of which the client was even aware of, nor did they know where to obtain them.
- Unclear as to What the Next Steps Were: The client was unsure of their next move. Spend money on security tools and hope for the best? Hire policy-writing experts and begin the exhaustive process of creating all required policies and procedures? They became confused and frustrated, further complicating their GDPR compliance efforts.
FLANK brought in a team of global privacy experts to meet with the client and determine their immediate needs for GDPR compliance. With limited time and many challenges for our client, we had to move fast in putting together a game plan that would result in full compliance with the GDPR.
- Successfully defined GDPR project scope, including roles and responsibilities for all internal personnel at the client.
- Identified gaps and deficiencies within the client’s control environment in accordance with the GDPR framework, offering expert recommendations on remediation and next-steps.
- Provided GDPR specific policy toolkit for helping put in place all required information security, operational, privacy, and data rights policies and procedures.
- Conducted comprehensive GDPR security awareness & training seminars.
- Acquired numerous security tools for helping achieve full compliance.
- Implemented a true compliance framework in accordance with the GDPR.
- Achieved compliance quickly and cost-effectively, successfully avoiding many of the GDPR challenges common with so many other companies.
- Brought to the attention of management the need for continuous compliance initiatives for maintaining GDPR compliance.
- Adoption of a corporate culture that now understands the real value of regulatory compliance, especially regarding the safety and security of personal data.
- Implementation of an ongoing continuous compliance framework that allows our client to be efficient and cost-effective in terms of annual GDPR compliance workload and costs.
- Removed the burden of compliance from internal operational staff to FLANK.
- Massive savings in both time and money for annual GDPR compliance costs moving forward!
FLANK provides comprehensive GDPR compliance and consulting services & solutions for controllers and processors all throughout the globe. Whatever your GDPR compliance needs are – from documentation to expert advice – we have the expertise to help you every step of the way.