Reducing Regulatory Fines and Improving Privacy Operations

Background & Challenges

A multinational, Global 200, company hired BDO at the inception of the GDPR to act as their Data Protection Officer (DPO). Since then we have expanded our DPO role to represent the client in more than 15 countries and help them with additional data protection services in more than 40 countries.

Approach

BDO reviews organizational policies, processes, technology, and procedures to help ensure that the company will notify consumers and protect individual rights in accordance with the law. As the DPO, we help the company to implement appropriate individual rights practices, review and integrate their Records of Processing Activities (ROPA) register with other software, customize privacy enhancing technologies (PET) to optimize operations, establish regulatory reporting capabilities, and work with regulators and consumers to resolve inquiries and investigations. 

We also establish third-party data sharing protocols, develop a consumer complaints request and resolution framework, review standard contractual clauses and data protection agreements, conduct data transfer impact assessments, and assist with Privacy Impact Assessments (PIAs), and Data Protection Impact Assessments (DPIAs) that have been integrated with their Data Protection by Design and Default program.

Client Impact

BDO has helped the client to reduce regulatory fines and continues to improve their privacy operations to meet its compliance obligations. Additionally, BDO has elevated privacy and data protection to the board level to make it a priority for the organization.