UDig Provides General Data Protection Regulation (GDPR) Assessment to Organization Needing to Determine their Course to Compliance
Through partnering with UDig on a GDPR-focused Assessment, our client was able to identify which of their data practices related to Personally Identifiable Information (PII) did or did not conform to regulatory requirements, and where their highest risk areas were for potential penalties. Additionally, they were able to prioritize remediation of these areas based on the level of risk attributed to each.
Facing the May 25, 2018 GDPR deadline, the organization was uncertain about which data practices and internal policies would compromise their compliance. They needed support in determining their highest areas of risk in order to build an effective go-forward plan for remediation. They lacked the documentation necessary under the GDPR to map key personnel as well as third-party data systems and organizations with access to PII. Operating in many different EU countries also made it challenging to map data practices and risk levels for each individual office.
The UDig team conducted a series of interviews with key stakeholders and Subject Matter Experts to gain a thorough understanding of their current data architecture, business and functional requirements, and existing challenges. These findings informed a Current State Analysis document that assessed data sourcing, accuracy, governance and retention. Based on this analysis, a Data Process Map illustrated the data workflow around existing internal procedures. The Roadmap deliverable indicated the gaps between current state and future state and featured Heat Maps to illustrate and triage areas of risk tied to specific articles/requirements of the GDPR. Finally, the Summary of our findings provided synthesis and analysis of what we discovered and served as the ‘plain-English’ takeaway to ensure a clear path to compliance with the GDPR.
Tools and Methodologies
20 Personnel (SME) Interviews informed a Current State Analysis and Data Systems Index and were accompanied by a Data Workflow Map illustration. The Heat Map illustrated five levels of risk based on requirements outlined in 27 different articles of the GDPR and their related recitals. Our final deliverable provided analysis of each risk level and recommendations for data security and policy measures to mitigate the risk of penalties.