How we managed to operationalize GDPR compliance through smart information management
Data Trust Associates has a strong background in both the financial and insurance sectors. One of our first customers is a leader in the insurance sector and is always looking at ways to innovate and disrupt across its many different organizational units worldwide.
This particular case study focuses on the use case of implementing a privacy management solution across different countries within the EU and also in the Far East. This was indicated as a necessary component to standardize some key aspects of GDPR:
- Design, documentation and maintenance of the Data Register
- Streamline the management of Data Protection Impact Assessments (DPIAs)
- Management of Data Subject Access Requests (DSARs)
- Manage ongoing improvements based on Data Protection Audit findings
After doing the routine requirements gathering and market investigations, the selection of OneTrust as a privacy solution to meet the needs was straightforward. It would soon become clear, though, that the tool was not going to answer some core issues that needed to be addressed. The first was how to be organized so that stakeholders within data protection knew their roles and responsibilities. The second was a more fundamental realization: data privacy needs data management, and vice versa, along with the question of how to integrate this into the overall solution.
At the beginning of the assignment, the focus was on helping the local Data Protection teams and their GDPR business stakeholders to enable proper management of the information assets. By mapping the existing business processes, it became clear that, because of the volume of information and the increasing complexity of the business activities, the company was facing profound challenges due to a lack of maturity in data management and information governance.
The challenges that we encountered throughout the project were:
- Lack of clear ownership of data, resulting in conflicts of interest between stakeholders that lead to adverse outcomes for the organization
- The highly decentralized nature of the organization does not fit well with the transversal nature of data: the operating model forms a hindrance to the strategic objectives
- Different countries of operation move at different paces and with different priorities
In cases like this, Data Trust Associates applies a multidisciplinary approach aimed at combining a sense of short-term pragmatism with the need for a long-term vision of data from a holistic perspective. The latter allows the customer to develop a data strategy that aligns with all business departments and brings enterprise-wide value.
Our team of experts was fortunate enough to raise awareness at the executive level that the problems at hand require the organization to think in terms of business capabilities and leverage these to adhere to their strategic direction. Developing a mindset that refrains from looking at data from a purely IT perspective is the best way to ensure the agility needed to navigate through an ever-increasing level of regulatory complexity and stay relevant in the competitive and innovative financial services market. These discussions led to the following achievements:
- Strong executive commitment to develop a data strategy that aligns with and reflects the multi-year business strategy and allows for diversification of the product portfolio
- The development and implementation of a target operating model for the data privacy and protection office, allowing it to increasingly leverage its mandate across the group
- The change of attitude towards compliance: from being perceived as a hindrance to business to being seen as a value-creating activity