A Nordic customer wanted to consolidate and centralise the control and reporting of their respective countries' GDPR compliance to achieve an overview across the group and utilise synergies on efficiency and quality of the overall knowledge, experience, and Best Practices in the area.
A GDPR program with eight tracks was established, which Maximize Consult was to lead. The program had two overall goals:
In collaboration with the various countries project managers, we created an overview of the current level of compliance. Moreover, through a series of workshops, we prepared a priority list of recommended initiatives to improve selected areas in the business' handling of personal data. In addition, we reviewed all data processor agreements and updated where relevant, and together with the client we conducted training in the desired behaviour concerning compliance with the GDPR.
The client went from having four different systems and methods for establishing and following up on GDPR compliance to a well-functioning central system, in which there can be ongoing management and reporting. At the same time, there is now a common understanding of controls and behaviour in connection with the handling of personal data.