Baker Tilly
Contact us
Windows of a building feature this piece of real estate
Case Study

University gains insight into its GDPR compliance progress through data privacy analysis, establishes peer benchmark

The institution enhanced their alignment with GDPR, and used results of benchmarking efforts to better understand how their data privacy best practices would be perceived.
Windows of a building feature this piece of real estate
Case Study

University gains insight into its GDPR compliance progress through data privacy analysis, establishes peer benchmark

The institution enhanced their alignment with GDPR, and used results of benchmarking efforts to better understand how their data privacy best practices would be perceived.

Client need

A private university, who was actively working towards compliance with the European Union’s General Data Protection Regulation (GDPR), requested assistance to evaluate their current progress and identify the next actions.

Baker Tilly solution

Serving the internal audit team, Baker Tilly met with the university’s privacy team to gain a thorough understanding of their knowledge of the GDPR, exposure (as they had identified and quantified it), concerns, actions taken thus far and identified next steps, reasoning behind their actions, and prioritization process. Baker Tilly reviewed existing documentation to understand the university’s current compliance posture as well as their action plan for continued compliance and identified areas for enhancement. These documents included policies and processes on privacy and personal data security as well as completed data protection impact assessments (DPIAs). To further validate their reasoning and to identify additional gaps, Baker Tilly conducted interviews with key stakeholders involved in departments or processes that regularly processed personal data such as Admissions, Information Technology, and the Study Abroad program. This approach allowed Baker Tilly to validate the efforts completed, provide guidance on the items identified in the university’s action plan, and determine additional items that should be addressed to ensure GDPR compliance. Finally, Baker Tilly conducted a high-level benchmarking of externally verifiable compliance efforts against the university’s peers.

Results

Baker Tilly provided the university a report and associated briefing of the analysis, which included strengths and opportunities for enhancement aligned with a set of actionable recommendations. In addition, the university was provided the results of the benchmarking efforts which served to provide a better understanding of how the university would be perceived with regards to privacy best practices as compared to its peers.

For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.

Related sections

Team meets to discuss strategy
Next up

Initial GDPR readiness assessment leads to comprehensive, strategic privacy advisory of growing technology company

Go to case studyarrowCreated with Sketch.