Client Needs
A global leader in engineering, new technology and software development operating in 100 locations across 15 countries wanted to improve data governance policies, processes and systems in its Republic of Ireland operations. In the past, the company had grouped the UK and Ireland operations together but found that Irish data governance compliance was often treated as an extension to UK compliance. A fuller focus on the specific data governance needs and cybersecurity challenges in the Irish market was needed. The client was seeking to ensure that its operations in Ireland fully understood and owned their data governance risks and understood their local legal obligations, within the context of the global business. Strategic, risk-based and specific changes to existing policies, procedures and systems were needed.
PrivacySolved Services and Solutions
PrivacySolved provided consulting services on records classification, information management and data protection, specifically focusing on General Data Protection Regulation (GDPR) risks and compliance. A review of the Irish Records of Processing Activities (ROPA) was carried out to ensure that Ireland-specific data flows were identified, risk assessed, quality checked and updated. PrivacySolved led work to revise data maps and update the Records Management Policy and enterprise-wide Record Retention Schedules. Human Resources data, supply chain clients and customer personal data were identified as key data sets. An external legal review took place to ensure that key Irish statutory obligations about records retention were included. As part of the data risk reduction strategy, records retention schedule timelines were simplified to promote transparency, make data destruction tasks easier to manage and imbed data minimisation. PrivacySolved also produced Ireland-specific data protection notices, human resources data guidelines and an updated procedure for collecting and handling client marketing data from the global organisation and from external clients in Ireland and the wider EU.
Results
The company used PrivacySolved’s expertise and outputs to:
- Empower leaders and staff in Ireland to own and manage local personal data risks
- Comply with GDPR, Irish data governance laws and local information security norms
- Reduce the risk of contract breaches and data misuse professional indemnity claims
- Improve data transparency, data minimisation and improve client service delivery