Cybersecurity: data privacy
Challenge:
The EU’s General Data Protection Regulation (GDPR) is a growing concern for companies doing business in Europe.
A US-based recruiting company recognized that they faced greater exposure from privacy issues due to the highly personal nature of the data they hold on job candidates. To mitigate the financial and reputational risks and potential costs of non-compliance with the GDPR, senior management issued a corporate directive for all divisions to be in compliance from organizational, technical and legal standpoints; for each group to conduct regular risk analyses of existing and anticipated processes and tools; and for each group to proactively develop recommendations to eliminate or correct any identified or potential areas of non-compliance.
Despite this mandate, most divisions remained unsure of what type of private data they collected, what processes were vulnerable, and what information was shared with third parties.
How Mazars helped:
Working with HR, Security, Legal, IT, and Compliance, Mazars developed a standardized approach that could effectively and efficiently manage the most privacy-sensitive processes across multiple entities of the group. In addition, Mazars conducted a thorough analysis of the company’s SLA measures and made recommendations for implementing binding rules to secure international transfers necessary to ensure that data transfers to other countries met legal and security requirements.
Then, to ensure a speedy and effective rollout, Mazars conducted an organizational analysis, and developed a cross-functional action plan for each group – setting up dedicated corporate initiatives to reinforce GDPR compliance on specific topics (best practices, retention, transfers, etc.).
Results:
As a result, the company was able to generate a corporation-wide awareness of the importance of privacy, were able to develop specific tools to achieve and maintain compliance and were able to ensure that private data and data subject requests are appropriately controlled and responded to, avoiding brand degradation and promoting security.
Company executives and the Board of Directors now have a high level of comfort that the brand’s reputation will be enhanced, and the risk of fines or cease orders is minimized.
The information provided here is for general guidance only, and does not constitute the provision of tax advice, accounting services, investment advice, legal advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal or other competent advisers.