Nonprofit

General Data Protection Regulation (GDPR) Assessment Helps Organization Determine Course to Compliance

Through partnering with UDig on a GDPR-focused Assessment, our client was able to identify which of their data practices related to Personally Identifiable Information (PII) did or did not conform to regulatory requirements, and where their highest risk areas were for potential penalties. Additionally, they were able to prioritize remediation of these areas based on the level of risk attributed to each.

STRATEGIC SNAPSHOT

Challenge

Identify which data practices do or don’t conform to regulatory requirements; determine overall risk for penalties.

Strategy

Complete an in-depth review of internal practices, processes and policies relating to PII and determine where remediation is required.

Outcome

In-depth assessment of current state vs future state triaged according to risk level with recommendations for policy measures.

Our Roadmap identified gaps between current and future state and illustrated and prioritized areas of risk tied to specific elements of the regulation.

Challenge

Facing the May 25, 2018 GDPR deadline, the organization was uncertain about which data practices and internal policies would compromise their compliance. They needed support in determining their highest areas of risk in order to build an effective go-forward plan for remediation. They lacked the documentation necessary under the GDPR to map key personnel as well as third-party data systems and organizations with access to PII. Operating in many different EU countries also made it a challenge to map data practices and risk levels for each individual office.

Outcome

The UDig team conducted a series of interviews with key stakeholders and Subject Matter Experts to gain a thorough understanding of their current data architecture, business and functional requirements and existing challenges. These findings informed a Current State Analysis document which assessed data sourcing, accuracy, governance and retention. Based on this analysis, a Data Process Map illustrated the data workflow around existing internal procedures. The Roadmap deliverable indicated the gaps between current state and future state and featured Heat Maps to illustrate and triage areas of risk tied to specific articles/requirements of the GDPR. Finally, the Summary of our findings provided synthesis and analysis of what we discovered and served as the ‘plain-English’ takeaway to ensure a clear path to compliance with the GDPR.

How We Did It

Data Strategy & Roadmap Design
Maturity Assessment