How a Global Services Company Reduced Its Technology Footprint and Organizational Risk

Background & Challenges

A global business services company based in 140 countries with more than 60,000 employees needed to implement an enterprise-wide Data Protection by Design and Default program. Initially, its Privacy Impact Assessment (PIA) processes and tools were not integrated with the global security and vendor assurance processes. The company struggled to implement a PIA process and to identify when Data Protection Impact Assessments (DPIAs) should be initiated. Separately, the client was struggling to implement a Data Protection by Design and Default program that would enable software developers to build in privacy and data protection at the outset of designing software applications and mobile apps.

Approach

BDO determined that the first task was to deconstruct the PIA and DPIA process, integrate software tools, and train the privacy, security, and vendor assurance teams on the new process and tools. BDO then developed a process that allowed the organization to institute privacy and data protection measures at the ideation phase of a new project, system, or application. This required the development of detailed Data Protection by Design and Default guidelines, policy, and process playbooks, followed by training for software developers, business unit leaders, privacy, and security.

Client Impact

BDO reduced the client’s technology footprint and the time to complete the tasks, while reducing overall risk to the organization. The organization reduced cost by 30% and developed a defensible process that withstands the scrutiny of global regulators. End-user satisfaction and assessment quality have both improved since the initiation of the new processes and policies.