The Apple Cart of GDPR

Different systems and processes result in a lack of overview and control. A large Nordic telecommunications customer invited us to consolidate and create an overview of GDPR compliance across national borders.

Fact Box

A TOTAL OVERVIEW

A Nordic customer wanted to consolidate and centralise the control and reporting of their respective countries' GDPR compliance to achieve an overview across the group and utilise synergies on efficiency and quality of the overall knowledge, experience, and Best Practices in the area.

RIGHT COURSE WITH STRUCTURE

A GDPR program with eight tracks was established, which Maximize Consult was to lead. The program had two overall goals:

  1. to map the existing GDPR status using the RISMA tool.
  2. to prepare a GAP analysis that could identify the need for improvements and the required action plans.

In addition, the program was to propose an organization of future GDPR compliance work.

WE COMPLY WITH RULES IN THE COMMUNITY

In collaboration with the various countries project managers, we created an overview of the current level of compliance. Moreover, through a series of workshops, we prepared a priority list of recommended initiatives to improve selected areas in the business' handling of personal data. In addition, we reviewed all data processor agreements and updated where relevant, and together with the client we conducted training in the desired behaviour concerning compliance with the GDPR.

CONTROL MADE EASY

The client went from having four different systems and methods for establishing and following up on GDPR compliance to a well-functioning central system, in which there can be ongoing management and reporting. At the same time, there is now a common understanding of controls and behaviour in connection with the handling of personal data.