Case Studies

Situation

A multi-national financial services company was in a time crunch to start and implement a full GDPR program. They were late in addressing GDPR and fearing data subject enquiries after GDPR became effective in May of 2018. This organization was also looking for a way to implement privacy by design.

Approach

Layer 8 Security assigned a program manager and data privacy / security SME(s).

• Worked with internal and external counsel to determine the best approach for recording processing activities.
• Worked with IT to identify and classify systems performing processing or storage locations for PII.
• Inventoried all relevant processes and documentation.

Conclusion

Layer 8 Security working closely with General Counsel, managed the Program.

• Implemented and tested Business Continuity Program including IT DR
• Continuous improvement of solutions via implementation of Layer 8 Security security services
• Conducted a global inventory of application landscape, including data flow maps in key areas
• In specific cases worked with business to re-define key roles/responsibilities
• Defined a system lifecycle process including privacy and security by design with a maturity roadmap

Key Success Factors

• Ability to leverage prior knowledge, methods and templates for addressing GDPR requirements
• Teams understanding of IT architecture and bringing this to changes and / or updates needed to address security / privacy needs
• Application of the Layer 8 System Lifecycle methodology to address requirements in order of priority in iterations, including but not limited to business continuity