Company
A multinational corporation operates across various global jurisdictions, with the majority of offices based in the European Union (EU).
Challenge
Because the corporation has many of its offices in the EU, it needed to determine whether it complied with the General Data Protection Regulation (GDPR) in the EU, where regulations are the most stringent. In addition, it had to comply with various other difficult-to-navigate regulations across the EU.
Support
Crowe legal consulting specialists conducted an information governance GDPR gap analysis to determine whether the corporation complied with GDPR, EU privacy laws, and local data protection laws where applicable.
Solution
Crowe provided a benchmarking analysis identifying areas of best practices and resources and delivered a detailed action plan with prioritized recommendations for addressing deficiencies. The Crowe team further proceeded to work with company’s privacy specialists to determine ways to comply with GDPR, EU privacy laws, and country-specific data protection laws.
Challenge details
To improve the corporation’s management of personal data and its overall data retention policies, Crowe legal consulting specialists assessed the following areas of GDPR compliance:
- Data protection governance
- Risk management
- Project resourcing
- Alignment of compliance leaders, data protection officers, and business executives
- Roles and responsibilities within the existing compliance structure
- Personal and privacy information management system implementation
- Information security management system (ISMS) implementation
- An ISMS is a framework of policies and procedures that includes the legal, technical, and physical controls involved in a company’s IT risk management processes.
- Best practices for information governance, data protection, and privacy
The corporation also requested delivery of firmwide data retention policies, including an ongoing data protection governance system to monitor the compliance put in place.
Solution snapshot
After assessing the level of conformity to the key areas of GDPR compliance, the Crowe legal consulting team drew up a gap analysis worksheet, providing a visual representation of any compliance lapses. The team also created a process analysis worksheet, which offered a high-level assessment of pertinent business procedures that involve the processing and retention of personal data.
The team’s full report and detailed action plan enabled the corporation to make the necessary adjustments in stages, spreading the costs out over a 24-month period.
Enhance your legal advice
Your clients come to you with many problems. Don’t spend time looking for solutions one by one. We’re here to help.
Takeaways
With a commitment to adhering to the law and creating internal policies based on best practices, the corporation achieved GDPR compliance in an efficient and cost-effective manner using the Crowe team’s action plan.
Our legal consulting specialists can assess your current legal situation, security practices, and operating procedures in relation to GDPR compliance and industry benchmarking. Contact us today to see how we can offer you an end-to-end solution.
