The client aimed to develop a robust global privacy program. This required a comprehensive understanding and systematic mapping of their personal data processing activities across diverse internal systems and operational functions.
Key challenges included capturing the complete information lifecycle for customer and employee data, identifying associated IT assets, and pinpointing third-party involvement in data processing. The extensive scope involved mapping over 100 processing activities through a combination of onsite interviews and remote follow-up workshops, all within a defined timeframe and budget.
OUR SOLUTION: TARGETED DATA MAPPING & GOVERNANCE FRAMEWORK
Myna collaborated with the client to devise and implement a strategic methodology focused on identifying high-risk business functions to maximize efficiency and impact. This ensured a comprehensive mapping of all data processing activities within the in-scope functions. Our key activities included:
- Prioritized Risk-Based Approach: We defined high-risk processing functions and targeted these for the initial Data Mapping exercise, ensuring critical areas were addressed promptly.
- Empowerment Through Training and Facilitation: We provided General Awareness training and led intensive data-gathering workshops with key stakeholders and process owners to build internal capability and ensure thorough data collection.
- Dedicated Support and Verification: We facilitated regular support and guidance calls for each process owner, assisting them in verifying and completing their data maps accurately.
- Systematic Data Documentation: We focused on completing and verifying spreadsheet-based data maps for each processing activity, ensuring all documentation was finalized within the engagement timeframe and budget.
Program Outcomes
This focused engagement yielded substantial improvements to the client’s data privacy posture and governance capabilities:
- Comprehensive In-Scope Data Visibility: All in-scope functions successfully completed data mapping. This captured the full lifecycle of personal data for each process, along with associated IT assets and third-party processors.
- Actionable Roadmap for Compliance: The detailed Data Maps were instrumental in identifying gaps in the client’s current compliance levels. Based on these findings, a clear roadmap was provided to support their mitigation efforts and enhance their privacy framework.
- Sustainable Governance & Consistency: Robust Governance and Procedure documentation was created to support the further maturity and consistency of the new data mapping process. This ensures that future data mapping can be accomplished in a consistent, repeatable, and robust manner, embedding privacy by design into their operations.