A private university that was actively working towards compliance with the European Union’s General Data Protection Regulation (GDPR) requested assistance in evaluating its current progress and identifying the next actions.
Baker Tilly solution
Serving the internal audit team, Baker Tilly met with the university’s privacy team to gain a thorough understanding of their knowledge of the GDPR, exposure (as they had identified and quantified it), concerns, actions taken thus far and identified next steps, reasoning behind their actions, and prioritization process. Baker Tilly reviewed existing documentation to understand the university’s current compliance posture as well as their action plan for continued compliance and identified areas for enhancement. These documents included policies and processes on privacy and personal data security as well as completed data protection impact assessments (DPIAs). To further validate their reasoning and to identify additional gaps, Baker Tilly conducted interviews with key stakeholders in departments or processes that regularly processed personal data, such as Admissions, Information Technology, and the Study Abroad program. This approach allowed Baker Tilly to validate the efforts completed, provide guidance on the items identified in the university’s action plan, and determine additional items that should be addressed to ensure GDPR compliance. Finally, Baker Tilly conducted a high-level benchmarking of externally verifiable compliance efforts against the university’s peers.
Baker Tilly provided the university with a report and an associated briefing on the analysis, which included strengths and opportunities for enhancement aligned with a set of actionable recommendations. In addition, the university was provided with the results of the benchmarking efforts, which gave a better understanding of how the university would be perceived with regard to privacy best practices as compared to its peers.
For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.