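Overview
Our client is a leading European provider of integrated water and coffee solutions. The company currently has nearly 3,000 employees and a distribution network across Europe, including production facilities, a fleet of more than 1,000 service vehicles, and dozens of local water sources.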
Background
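With the European Union’s General Data Protection Regulation (GDPR) enforcement deadline approaching in May 2018, the company proactively sought outside assistance to get ahead of the GDPR and implement an effective compliance program. The company was required to comply with the new law because it has operations in 15 European Economic Area (EEA) countries and processes data for thousands of European clients. However, it did not have a complete grasp of which of the personal data it held was subject to the GDPR, or how to achieve compliance with the new privacy obligations.
In many cases, companies attempt to assess and adjust their data processing internally, but do not understand the expansive scope of GDPR guidelines and the compliance challenges that often arise. Seemingly familiar terms, such as “personal data” and “processing,” have specific and broad meanings in the GDPR, and companies are not necessarily familiar with the proper definitions.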
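Project
RSM was chosen to help the company based on the team’s collaborative approach and proven experience with GDPR compliance, as well as its extensive, successful relationship with the company’s U.S. parent in several key risk management areas.
For the company, developing a governance structure was the first step toward GDPR compliance. Therefore, the RSM team initially established a project management office and steering committee to guide the significant amount of work necessary to adhere to the GDPR.
RSM then brought every key stakeholder that was responsible for GDPR compliance to the company’s European headquarters and led a daylong education and planning session. The session covered the full scope of the GDPR, including its implications and requirements, as well as initial projections of how business processes would need to change.
“Many stakeholders were unfamiliar with GDPR and didn’t really have a clear sense of how much it was going to affect the company,” the client said. “We didn’t necessarily think of ourselves as a company that holds personal data, so, on our own, we would have assumed that this wouldn’t really affect us. So setting up the initial kickoff was critical for us to define the scope of the project.”
Next, the RSM team conducted a thorough data mapping exercise. The business was widely distributed, with processes specific to each country, and there was no centralized data register recording the volume of data, its purpose, or its significance in the context of the GDPR. RSM worked with the organization at both a corporate and country level to understand what data the company held, how that data was used, and, more importantly, why and how the data was processed.
“RSM held discovery sessions with all […], considering which of the data they held was affected by the GDPR,” the client commented. “They considered the systems in place and spoke cross-functionally to the marketing and IT teams to understand the organization on an individual market level, where the data was located, and how it was stored and used.”
Gathering the information was a complex process, with RSM leveraging its global footprint and ability to work efficiently in native languages on the ground in all countries, including the U.K., Germany, France and Poland. It was an eye-opening exercise for the company, which came to realize how much data it really held and how much of that data was subject to GDPR requirements.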