For many companies GDPR (General Data Protection Regulation) legislation is somewhat of an abstraction. And it’s for this reason that our client asked us to translate legislation into a specific GDPR compliance working method, ensuring that the existing information flow, data management, authorisations and archiving comply with GDPR requirements. In this context, all employees had to be aware of the legislation and adapt their working methods to be GDPR compliant.
Thanks to our approach, we make GDPR legislation tangible for companies. We also give companies’ employees the tools to comply, and keep complying, with the relevant legislation. Our approach for this client comprised several phases, namely: analysis, remedial measures, implementation and embedding.
The project team, together with the GDPR-SuperUsers of the 11 departments from the client’s organisation, kicked off by analysing over 850 processes and deliveries. These were reports with financial and management information to underscore the correct management and accountability of the entire organisation. Several different questions were analysed in this phase. In which databases is personal data processed, for example, and does GDPR actually apply? Which employees are authorised to access these databases and how are the data carriers archived? Which GDPR issues are encountered and what needs to be done to make the data carriers, authorisations and archiving of data and databases GDPR-proof?
During the analysis phase it transpired that 324 processes and deliveries were susceptible to GDPR issues, in other words, risks. After categorising these issues we identified potential solutions. Applying Agile/Scrum methodology and using sprint schedules enabled us to address all issues in the existing processes and deliveries, spread over four departments and the 11 teams.
In a Brown Paper session we defined improvement proposals for the GDPR risks that were identified in all the existing processes. Eventually, we proposed a completely new GDPR working process, complete with the necessary roles and authorisations. By giving implementation training, we coached all 252 employees in GDPR awareness and in the new working process. This gave employees tangible tools to ensure that all new processes and deliveries would, in future, comply with GDPR legislation.
Given that the GDPR is not of a temporary nature but here to stay, it is important to continuously monitor the quality. To this end we set up a complete control framework in which all key risks were translated into key controls and test questions. We trained the business controllers to carry out first- and second-line checks. Now, the results of the checks are recorded in a dashboard. This makes it possible to see, at a glance, the level of quality and in which areas improvements can still be made. In each team a GDPR SuperUser and Data Coordinator has been appointed, to support all employees in the implementation of GDPR and to guarantee the required level of quality.
Compliance with GDPR legislation is, of course, mandatory. ITDS helped this client translate this compliance into concrete solutions and methodologies. The client’s entire information flow, data management, authorisations and archiving now comply with GDPR legislation. We have implemented new processes that ensure that all existing activities are carried out in accordance with GDPR legislation. A solid foundation has been laid down and all 252 employees have been trained in awareness and the new processes. It means that the client has been made GDPR-proof and will remain so in future.
WHAT CLIENTS SAY
Set up and implementation of a Customer Due Diligence policy
“Making a good start was half the battle”
The challenge facing KAS BANK was to implement a Customer Due Diligence policy and rationalise customer files in a limited timeframe.
In collaboration with ITDS, project manager Marc Brouwer took on the challenge.
A social strategy and implementation for OHRA
“As soon as we were satisfied, they’d raise the bar”
In the space of just a few years the role of Social Media at OHRA has grown from “a nice little extra” to a fully fledged business channel.
Iris Wezenberg – previously Social Media Manager and now Online Service Manager with this Dutch insurer – explains how it all came about.
An international IT strategy and organisational change
“You have to get people onside because not everyone likes change”
In just over 40 years Brunel has evolved from a Delft-based brokerage company into an international service provider employing more than 11,000 people in 37 countries. In many of these countries Brunel used local IT systems, each with its own definitions. To make it all future-proof, all these systems had to be replaced by a single system based on the same standard.
Stefan de Boer, Manager Global IT, talks about the collaboration with ITDS.
RELATED SERVICES
Legislation and Regulation
Every year, the Dutch and European authorities introduce new regulations that you have to comply with. We all embrace the motives for this: privacy, comfort, transparency. But the implementation of these regulations has consequences for your operation, from administration to reporting. Above all it takes time and energy to keep your knowledge up to date on the changes and their implications. This all imposes a heavy load on your organisation. But we prefer to see it as an opportunity to make your organisation ready for a transparent and client-focused future. Our experts deal with these challenges every day. Together with you, they will quickly determine the impact of new laws and regulations so that you can quickly return to focussing on innovation and development.
General data protection regulation (GDPR)
We map all your processes and systems with our GDPR Assessment, then we determine where privacy-sensitive data is present and add them to the requirements of the GDPR. Within four weeks, you know where you stand – and what you have to do. We can also assist you with implementation, whether it be drafting editing agreements, setting up a data registry, performing PIAs or mapping and realizing system adjustments: our GDPR Support Team is waiting for you.