A global retailer with operations in multiple countries faced challenges preparing to meet data privacy rules under GDPR. With just over two months to spare and 600 applications/repositories containing potentially relevant PII (personally identifiable information), they realized they needed assistance. Organizations in breach could be subject to costly fines – up to 20 million euros or 4 percent of annual global turnover.
The client’s senior counsel and global records manager needed a firm who could hit the ground running and get up to speed quickly. Access Sciences’s SMEs joined with client representatives in a virtual strategy session and began onsite interviews with business and technical stakeholders 24 hours later.
Based on those conversations, our team was able to reach a common understanding of the tools, approach, and goals of the organization. While becoming GDPR compliant was the client’s most urgent need, implementing a robust IG program was also a priority for them in the long-term. Because IG expertise is crucial in understanding relationships between personal data, systems, and supporting business processes, our SMEs were able to contribute to both of the team’s objectives.
As a result, the client not only met their deadline, but they also gained insights about their information, increased awareness about compliant and sustainable information management practices, and established a strong foundation for decision-making.
In a little over 2 months, the Access Sciences team completed 22 interviews, 39 data maps, and 40 process diagrams for 14 key business processes where PII is processed and retained.
Our client was proud of the work we accomplished together in a short time-frame, and at the conclusion of our recent meeting, energetically distributed high-fives for everyone.
Download case study.
June 19, 2018