FTSE 100 Data Privacy Program
Our client, a UK headquartered FTSE 100 company, sought to mature and align its data privacy program to the GDPR. With an extensive geographic footprint across five lines of business, the company required our support to design, implement, and operationalise its data privacy program.
Following a detailed gap analysis, The Information Collective provided the company with a detailed assessment of the current level of compliance, the required costs and resources based on our "basic, better, best compliance" methodology benchmarked against The Information Collective model data privacy program. Before commencing work, we agreed on a detailed roadmap to remedy the compliance gaps and risks to our client's digital strategic priorities. Based on this roadmap, we worked with our client to design, implement and operationalise the data privacy program. Our work included:
Compiling the data inventory based on staff questionnaires and interviews;
Issuing a report on the lawfulness of the client's processing activities and recommended actions for improvement;
Drafting and implementing the relevant policies and procedures on managing individual rights, data protection impact assessments, and data breach response;
Training staff and raising awareness of data privacy across the organisation; and
Building and implementing a risk management framework to identify, respond, and monitor risks to the data privacy program and future digital transformation objectives.
Following our work, our client was able to build on a GDPR compliant data privacy program operating across all business functions and lines of business with increased organisation-wide awareness of the risks and benefits of data privacy.
Find out more about how we can help your organisation to build a robust and flexible data privacy program The Information Collective way.