Case Study

Growing technology company enhances privacy posture through GDPR readiness assessment prior to international expansion

The readiness assessment identified gaps between existing processes and the requirements of GDPR along with associated risks, and provided actionable recommendations for remediation.
Case Study

Growing technology company enhances privacy posture through GDPR readiness assessment prior to international expansion

The readiness assessment identified gaps between existing processes and the requirements of GDPR along with associated risks, and provided actionable recommendations for remediation.

Client need

One of the fastest growing technology companies in North America (headquartered in the U.S) identified a need to assess their compliance with the European Union’s (EU) General Data Protection Regulation (GDPR) prior to expanding their operations into Ireland to provide services to the EU.

Baker Tilly solution

Baker Tilly began the engagement by meeting with senior management to get a thorough understanding of their plans for growth and then moved on to reviewing relevant documents to get a better understanding of the company’s current privacy posture. Specifically, this review included policies, procedures, processes, training materials, and agreements pertaining to data privacy, operations, and marketing. As part of this information gathering phase, Baker Tilly conducted interviews with key stakeholders and departments involved with personal data processing activities including human resources, information technology, marketing and sales. The goal of the interviews was to identify and document the details associated with the department’s personal data processing activities. The details of the activities included such things as how the personal data was collected, where and how long it was stored, who it was shared with, how it was protected, and whether the individuals associated with the activity (the data subjects) were aware of these details.

Results

Baker Tilly provided the results of the assessment to the company in the form of a report, which identified the gaps between existing processes and the requirements of GDPR and the associated risks with the processing activities. Actionable recommendations for remediation were also provided to aid the company in enhancing their privacy posture and complying with the GDPR. The engagement was instrumental in providing the company a better understanding of their exposure and the extent of their personal data processing activities. As a result of the service provided, the company contracted Baker Tilly to provide ongoing strategic privacy advisory services to assist with and oversee remediation.

For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.

Electrical tower
Next up

Technology enablement