Client need

One of the fastest growing technology companies in North America (headquartered in the U.S) completed a General Data Protection Regulation (GDPR) readiness assessment and identified a number of findings for which our support would be beneficial from both a resource and subject matter expertise position.

Baker Tilly solution

Baker Tilly worked with the company’s information technology director to first identify, and then prioritize the findings based on need and level of effort. This included revising the company’s existing privacy policy, incident response plan, and data classification scheme to align with the requirements of GDPR. In addition, Baker Tilly produced new content for employee privacy awareness and modified existing employee training materials to address privacy best practices and an overview of GDPR. Throughout the service, Baker Tilly conducts regular touchpoints with the company’s stakeholders to discuss questions and concerns pertaining to data privacy, continues to support ongoing compliance initiatives, and serves as the point of contact for any privacy inquiries.

Results

Acting as a Virtual Data Protection Officer (VDPO), Baker Tilly provides privacy expertise on an as-needed basis as well as formal support with privacy initiatives in alignment with the company’s remediation project plan. Some of the services and deliverables provided during this engagement have included a comprehensible and transparent privacy policy, an incident response plan that incorporated evaluation criteria, reporting procedures, and templates for notification, and an updated data classification scheme designed to align with the definitions set forth in GDPR for personal and special category data. Baker Tilly continues to provide strategic privacy advisory on an on-going basis for the client.

For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.