.png)
A team within a multinational technology company identified a need to establish processes and mechanisms to adhere to GDPR guidance, a complex data protection law created by the EU in 2016.
This system would improve the companies’ security, compliance, storage and management of user data with transparent policies and practices.
THE CHALLENGE
Due to the creation of the GDPR, companies were required to implement standards across their organizations to adhere to its policies.
As our client was a team under a relatively new division, this undertaking would require detailed understanding of the division layout, data structures currently in place, and organizational methods to ensure all guidance documentation was up to date.
"RedCloud quickly grasped how the EU GDPR directive would impact our business and customers and quickly [put] a very effective plan in place, which provided more trust to our customers and ensured company compliance with a new global privacy law."
-- Client Representative
THE SOLUTION
RedCloud and the client team worked to map a holistic view of the division’s ecosystem to verify all teams were compliant with existing regulations. Our team identified all teams that processed personal data across the client’s division, conducted focused interviews, and organized and inventoried all systems. The comprehensive understanding of the division and its teams allowed for the implementation of the new privacy requirements mandated by the GDPR.
A plan was created and implemented based on knowledge of the division's operational functions and current data governance policies. RedCloud consultants created a v-team to guide other staff members through a step-by-step compliance process to ensure the division's teams were following all privacy regulations. As GDPR was a new and evolving regulation, our team studied the priority requirements and collaborated with cross divisions, including legal, marketing, and engineering teams. This information was then transferred to the v- team so the relevant processes or knowledge gaps could be highlighted.
As the compliance process matured, our team then focused on developing a plan for certain future changes to privacy requirements and data governance. RedCloud worked with the client to install Privacy Management Software and continued to standardize their privacy review processes. This allowed for the team’s work to be centralized in one system and provided a standard approach to case work.
RedCloud implemented a solution that resulted in a transparent digital compliance process, so that the client was fully prepared should regulators ever require an audit. Our team concluded the project by creating a roadmap for the division’s leadership to predict and prepare for what lies ahead in the changing privacy world.
THE RESULTS
Within a year after the help of the RedCloud team, the client’s division has gone from uncertain compliance understanding to a well-organized ecosystem with process-driven privacy reviews compliant with all privacy regulations, including GDPR.
The division is prepared for new data protection laws due to the new software systems in place and comprehensive understanding of policy regulations by all members of the privacy team. The GDPR expertise that RedCloud developed can be leveraged in our clients' other divisions and across the industry.