Finance Industry

Situation

A multi-national financial services company was in a time crunch to start and implement a full GDPR program. The company was late in addressing GDPR and feared data subject enquiries after GDPR became effective in May of 2018. It was also looking for a way to implement privacy by design.


Approach

Layer 8 Security assigned a program manager and data privacy / security SME(s).

  • Worked with internal and external counsel to determine the best approach for recording processing activities.
  • Worked with IT to identify and classify systems that process PII and the locations where PII is stored.
  • Inventoried all relevant processes and documentation.

Conclusion

Layer 8 Security, working closely with General Counsel, managed the program.

  • Implemented and tested Business Continuity Program including IT DR
  • Continuous improvement of solutions via implementation of Layer 8 Security security services
  • Conducted a global inventory of application landscape, including data flow maps in key areas
  • In specific cases, worked with the business to redefine key roles and responsibilities
  • Defined a system lifecycle process including privacy and security by design with a maturity roadmap

Key Success Factors
  • Ability to leverage prior knowledge, methods and templates for addressing GDPR requirements
  • The team's understanding of IT architecture, and applying it to the changes and updates needed to address security and privacy needs
  • Application of the Layer 8 System Lifecycle methodology to address requirements in order of priority in iterations, including but not limited to business continuity


