Client Success Story No. 2:
Beyond Compliance: Demystifying GDPR
Client Situation
· Client has global operations, including within the European Economic Area (EEA)
· As such, client is subject to the General Data Protection Regulation (GDPR)
· Stakeholder and shareholder pressure to ensure full compliance by the GDPR implementation date
Our Strategy:
· Using a risk-based approach and transparent communication, and leveraging best practices, SPR formulated the most time- and cost-efficient approach to achieve GDPR compliance
Our Problem-Solving:
· Conducted interviews with internal stakeholders to understand data flows, conduct a gap analysis and formulate a project plan for achieving compliance
· Created effective communication flows between GDPR stakeholders to minimize duplication of work and create a uniform understanding of requirements
· Created and implemented an approach to satisfying legal documentation requirements under GDPR
Our Results:
· GDPR-compliant agreements (Global Data Processing Agreements, Internal and External Privacy Policies, Data Protection Addendums for third parties) executed prior to deadline
· Ensured relevant stakeholders were apprised of rights and obligations under GDPR and created processes to handle GDPR-related inquiries (e.g. subject access requests)
· The implementation of a robust compliance framework minimizes risk of fine imposition by Data Protection Authorities