Challenged by diverse data privacy rules in different countries, client required support in establishing data compliance in the area of CRM across all European affiliates:
• Due to a lack of documentation on real data database contents, client expected that some data privacy compliance issues were internally known, but that others possibly existed
• Commercial Operations aimed to ensure alignment to EU regulations, but data compliance skills were not within client’s
• Possibility of an upcoming regulatory audit following changes in some information management systems made it pressing to manage potential risks.
Therefore, a third-party review of data privacy was desired.
The project team assessed seven aspects for their effect on the outcome:
• External Constraints: level of understanding of external regulations and their integration into company policies
• Organization: how managers, employees and data management were approaching data privacy based on guidelines
• Geography: how global policies and country-specific requirements are understood and applied
• Systems and Tools: whether system-related data, input methods or specific information sources are a root cause
• Technology: extent of existing system configuration dedicated to enforcing policies and regulations
• Data: possible non-compliant data already being stored
• Business Processes: level of alignment between business processes and policies & regulations.
With an approach combining top-down (from the information assets upwards) and bottom-up (from relevant policies downwards), the team documented the status quo within four weeks, while precisely identifying all issue areas.
The remediation initiative then corrected root causes, fixed impacted data and delivered the evidence of data privacy compliance.