How we managed to operationalise GDPR compliance through smart information management.
Get Executive Management onboard for the Bigger picture.
Implement a successful Target Operating Model.
Shift in attitude towards GDPR as a value proposition.
Data Trust Associates has a strong background in both the financial and insurance sectors. One of our first customers is a leader in the insurance sector and is always looking at ways to innovate and disrupt across its many different organisational units worldwide. This particular case study focuses on the use case of implementing a privacy management solution across different countries within the EU and in the Far East too. This was indicated as a necessary component to standardise some key aspects of GDPR:
Design, documentation, and maintenance of the Data Register
Streamline the management of Data Protection Impact Assessments (DPIAs)
Management of Data Subject Access Requests (DSARs)
Manage ongoing improvements based on Data Protection Audit findings
The Challenge
After the routine requirements gathering and market investigations, the selection of OneTrust as a privacy solution
to meet the needs was straightforward.
However, it would soon become clear that the tool was not going to answer some core issues that needed to be addressed: How to be organised so that stakeholders within data protection knew their roles and responsibilities?
And a more fundamental realisation – data privacy needs data management and vice versa, and how to integrate this into the overall solution?
At first, the aim was to help the local Data Protection teams and their GDPR business stakeholders and facilitate the proper management of the information assets. By mapping the existing business processes, it became clear that, due to the volume of information and the increasing complexity of the business activities, the company was facing profound challenges, mainly due to a lack of maturity in data management and information governance.
The challenges that we encountered throughout the projectwere:
Lack of clear ownership of data, resulting in conflicts of interest between stakeholders that lead to adverse outcomes for the organisation
The highly decentralised nature of the organisation does not rhyme well with the transversal nature of data: the operating model was a hindrance to the strategic objectives
Different Countries of Operations move at differed paces, with different priorities. In such cases, Data Trust Associates applies a multidisciplinary approach aimed at combining a sense of short-term pragmatism, with the need for a long-term vision of data from a holistic perspective. The latter allows the customer to develop a data strategy that aligns with all business departments and brings enterprise-wide value.
Our Approach
At the beginning of the assignment, the focus was on helping the local Data Protection teams and their GDPR business stakeholders to enable proper management of the information assets. By mapping the existing business processes, it became clear that the volume of information and the increasing complexity of the business activities led to profound challenges due to a lack of maturity in data management and information governance.
The Result
Our team of experts were fortunate enough to raise awareness at the executive level. They could impart that the problems at hand require the organisation to think in terms of business capabilities and leverage these to adhere to their strategic direction. Developing a mindset that refrains from looking at data from a purely IT-perspective is the best way to ensure the agility. To note, agility is important to navigate through an ever-increasing level of regulatory complexity and stay relevant in the competitive and innovative financial services market. The result of these discussions led to the following achievements:
Strong executive commitment to develop a data strategy that aligns with and reflects the multi-year business strategy and allows for diversification of the product portfolio
The development and implementation of a Target Operating Model for the data privacy and -protection office, allowing it to leverage its mandate across the group increasingly
The change of attitude towards compliance: from being perceived as a hindrance for business to a value-creating activity
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
Additional Cookies
This website uses the following additional cookies:
Please enable Strictly Necessary Cookies first so that we can save your preferences!
