A U.S. based global agricultural company with a primarily B2B business model was looking for support to create and design a global privacy program from scratch.
introduction
Through discovery sessions and strategic planning, Myna Partners developed a tailored Privacy Program Operating Model, provided key policies, and created a Record of Processing Activities (RoPA) to ensure compliance and support data mapping. This case study highlights how Myna Partners helped the company establish a strong, compliant privacy program across its global operations.
THE CHALLENGE
Myna Parrtners solved the organization’s presented problem through multiple discovery sessions across all business regions, building a privacy program operating model to display design recommendations in building a program from scratch, providing a suite of policies to get their program off the ground, and creating a Record of Processing Activities (RoPA) to both satisfy regulatory requirements and serve as a data mapping inventory exercise for the organization.
Our Approach
Myna Partners worked with the client developing a privacy program strategy that designed program structure from the ground up focusing on compliance with all relevant global privacy regulations, as well as managing the program on a global scale.
Created a Privacy Program Operating Model which included:
- Myna Partners key current state observations
- Priority list and roadmap to addressing Myna Partners identified key risks
- Risk-based program, policy, and privacy-by-design recommendations
- Recommended structure and design for a global compliance team
Created a suite of policies to jumpstart privacy program implementation, specifically:
- DSR Policy, Consent Management Policy, Employee Notice, PbD and PIA Policy, Breach Response Policy, RoPA Policy, Vendor and Security Policy, and a Privacy Notice.
Program Outcomes
- The organization received a complete Privacy Program Operating Model encompassing key observations, recommendations, risk-based business decisions to be made outlined, and the design of a new global compliance team.
- The organization received a suite of 8 policies that the organization leveraged to jumpstart privacy program implementation and compliance across various business regions.
- The organization received a complete data mapping inventory encompassing 6+ business regions around the globe that also serves as a regulatory-compliant Record of Processing Activities (RoPA).
.