Upgrading Data Privacy by Design (PbD) in the Global Data Management and Cloud Data Sectors

Client Needs

A US Silicon Valley global data management company needed to upgrade and prioritise data Privacy by Design (PbD) within its internal engineering and external customer supply chains, products and services. It had a range of internal and external customer systems, databases and applications that had uncertain, old or poorly evidenced Privacy by Design histories. The business set a series of short timescales to introduce new broad-based risk assessments, new risk prioritisation matrix, new technology tools, new policies, procedures and a plan for roll-out and adoption. The company looked for global best practice that synthesized General Data Protection Regulation (GDPR) standards and rules from California, USA (Federal), China, the European Union and Asia Pacific. The company also wanted to ensure that data Privacy by Design remained imbedded in its new organisational culture and practices and could flexibly adapt to future regulations, best practice and technology innovation.

PrivacySolved Services and Solutions

PrivacySolved’s Legal and Regulatory Support Services led this project. A Senior Data Protection Officer (DPO) was also appointed to offer best practice support and EMEA expertise. After detailed meetings and consultations, gaps were found in data flow maps and Records of Processing Activities (ROPAs). PrivacySolved worked with the business units, IT, legal, procurement, HR and compliance to set up targeted systems mapping and data discovery. Our team created a new PbD risk assessment framework, risk prioritisation matrix, awareness resources and new policies and procedures. These were updated and expanded with training, outreach and an implementation plan. Data Privacy Ambassadors from across the business worked with us to set up test projects with the most high-risk systems, databases and applications. We worked with the organisation’s OneTrust implementation team to introduce new assessments and workflows covering Data Protection Impact Assessments (DPIAs), Privacy Impact Assessments (PIAs), Data Privacy Risk Reviews and PbD-Lite Reviews. This technology improved the quality of record keeping, accountability, transparency and stakeholder engagement.

Results

The company relied on PrivacySolved’s specialist expertise to:

Identify, prioritise and manage high-risk data systems, applications and data

Help the business to improve engineering standards, supply chains and grow value

Comply with data privacy laws, best practice and reduce regulatory and legal risks

Help improve the company’s Mergers & Acquisition and customer satisfaction status