A global retailer with operations in multiple countries faced challenges preparing to meet data privacy rules under GDPR. With just over two months to spare and 600 applications with potentially relevant PII (personally identifiable information), they knew they needed help.
Organizations in breach could be subject to costly fines – up to 20 million euros or 4 percent of annual global turnover.
Meeting this deadline required overcoming a number of challenges:
GDPR compliance goals on an accelerated schedule.
Partner with Information Governance professionals and legal counsel to achieve results
The senior counsel reached out to the internal global records manager for help with resources with IG subject matter expertise. Legal needed people who could hit the ground running and get up to speed quickly. Realizing that internal expertise wasn’t available and time was critical, Access Sciences was engaged, joined the team in a virtual strategy session, and began on-site interviews with business and technical stakeholders 24 hours later.
Our expertise in information governance was important in understanding the relationships between PII, the systems, and the supporting business processes. Right away we were able to contribute by:
At the project conclusion meeting, our clients reached across the table for high-fives all around. We successfully met the project’s deadline and stayed under budget. In a little over 2 months, we completed 22 interviews, 39 data maps, and 40 process diagrams for 14 key business processes where PII is processed and retained.
The project generated several benefits for the client: