Digital Banking and Payment Platform Services Company Required an Updated Data Protection Impact Assessment Process

Background & Challenges

A company operating in 25 countries with $442 million in revenue, 2,000 employees as well as relationships with 600,000 companies and more than 1,200 banks hired BDO for a Data Protection Impact Assessment. The client maintained defined and repeatable Data Protection Impact Assessments (DPIAs) for use across its business units but lacked subject matter knowledge regarding privacy frameworks and requirements like the General Data Protection Regulation (GDPR) and California Privacy Rights Act (CPRA). Additionally, due to segregated business units, the client’s privacy team did not have visibility into overall enterprise privacy compliance.  

Approach

BDO conducted a multiphase assessment, including discovery, analysis, design, and implementation. BDO assembled an experienced, certified team that understood the client’s business. We refined our assessment approach to accommodate business unit nuances, while continuing to drive efficiencies for analysis and reporting. BDO also identified gaps in the client’s DPIA process and remedied the issues. 

Client Impact

The revised process developed by BDO aligned the privacy team with global operations and initiatives, aligned with ever-changing regulatory guidance and expectations.