Cybersecurity: GDPR of major US manufacturer
Privacy policy
Challenge:
A major U.S. manufacturer processed large amounts of personal data in multiple countries. Because some of their operations fall under the jurisdiction of the European Union, they needed to assess their operational compliance with the privacy policy rules under the EU’s General Data Protection Regulation (GDPR).
In particular, they were concerned about being fined for non-compliance, or losing market share if they were subjected to sanctions requiring them to temporarily cease operations. They also recognized that if they were found not to be compliant, other compliant companies would not do business with them.
How Mazars helped:
Based on Mazars’ previous IT-related consulting and audit work, the company requested our help with developing a more efficient and effective Privacy Impact Assessment (PIA) program.
Working with the company’s Legal department, in less than three weeks Mazars was able to develop a GDPR compliant PIA program that enabled the company to perform PIAs in one week – an 85% reduction in time, using less than 40 work hours
Results:
The reduced work hours led to 80% reduced costs for the function and, with the new system in place, the company has been able to avoid fines, while maintaining high levels of confidence from their customers and the regulators.