For many companies, GDPR (General Data Protection Regulation) legislation is something of an abstraction. It is for this reason that our client asked us to translate the legislation into a specific GDPR compliance working method, ensuring that the existing information flow, data management, authorisations and archiving comply with GDPR requirements. In this context, all employees had to be aware of the legislation and adapt their working methods to be GDPR compliant.
Thanks to our approach, we make GDPR legislation tangible for companies. We also give companies’ employees the tools to comply, and keep complying, with the relevant legislation. Our approach for this client comprised several phases, namely: analysis, remedial measures, implementation and embedding.
The project team, together with the GDPR SuperUsers of the 11 departments in the client’s organisation, kicked off by analysing over 850 processes and deliveries. These were reports containing financial and management information that underpin the correct management and accountability of the entire organisation. Several questions were analysed in this phase. In which databases is personal data processed, for example, and does GDPR actually apply? Which employees are authorised to access these databases, and how are the data carriers archived? Which GDPR issues are encountered, and what needs to be done to make the data carriers, authorisations and archiving of data and databases GDPR-proof?
During the analysis phase it transpired that 324 processes and deliveries were susceptible to GDPR issues, in other words risks. After categorising these issues, we identified potential solutions. Applying Agile/Scrum methodology and using sprint schedules enabled us to address all issues in the existing processes and deliveries, spread over four departments and the 11 teams.
In a Brown Paper session we defined improvement proposals for the GDPR risks that were identified in all the existing processes. Eventually, we proposed a completely new GDPR working process, complete with the necessary roles and authorisations. By giving implementation training, we coached all 252 employees in GDPR awareness and in the new working process. This gave employees tangible tools to ensure that all new processes and deliveries would, in future, comply with GDPR legislation.
Given that GDPR is here to stay rather than a temporary measure, it is important to monitor quality continuously. To this end we set up a complete control framework in which all key risks were translated into key controls and test questions. We trained the business controllers to carry out first- and second-line checks. The results of these checks are now recorded in a dashboard, which makes it possible to see at a glance the level of quality and the areas in which improvements can still be made. In each team a GDPR SuperUser and a Data Coordinator have been appointed to support all employees in implementing GDPR and to guarantee the required level of quality.
Compliance with GDPR legislation is, of course, mandatory. ITDS helped this client translate that obligation into concrete solutions and methodologies. The client’s entire information flow, data management, authorisations and archiving now comply with GDPR legislation. We have implemented new processes that ensure that all existing activities are carried out in accordance with GDPR legislation. A solid foundation has been laid and all 252 employees have been trained in awareness and in the new processes. This means that the client has been made GDPR-proof and will remain so in future.
WHAT CLIENTS SAY
International IT strategy and organisational change
“You have to get people on your side, because not everyone likes change”
In little more than 40 years, Brunel evolved from a Delft-based brokerage firm into an international service provider employing more than 11,000 people in 37 countries. In many of these countries, Brunel used local IT systems, each with its own definitions. To make everything sustainable for the future, all these systems had to be replaced by a single system based on the same standard.
Social Strategy and Implementation for OHRA
“As soon as we were satisfied, they would raise the bar”
In the space of just a few years, the role of social media at OHRA grew from a “nice little extra” into a fully fledged business channel.
Iris Wezenberg, former Social Media Manager and now Online Services Manager at this Dutch insurer, explains how it all came about.
Setting up and implementing a Customer Due Diligence policy
“Getting off to a good start was half the battle”
The challenge facing KAS BANK was to implement a Customer Due Diligence policy and streamline the customer files within a limited period of time.
In collaboration with ITDS, project manager Marc Brouwer took on the challenge.