The Challenge
A U.S. based global agricultural company with a primarily B2B business model was looking for support to create and design a global privacy program from scratch.
Through discovery sessions and strategic planning, Myna developed a tailored Privacy Program Operating Model, provided key policies, and created a Record of Processing Activities (RoPA) to ensure compliance and support data mapping.
OUR APPROACH
Myna solved the organization’s challenges through multiple discovery sessions across all business regions. We developed a Privacy Program Operating Model to display design recommendations for building a program from scratch, provided a suite of policies to jumpstart the program, and created a Record of Processing Activities (RoPA) to both satisfy regulatory requirements and serve as a data mapping inventory exercise for the organization.
Privacy Program Operating Model included:
- Myna Partners key current state observations
- Priority list and roadmap to addressing Myna Partners identified key risks
- Risk-based program, policy, and privacy-by-design recommendations
- Recommended structure and design for a global compliance team
Suite of Policies to jumpstart privacy program implementation, specifically:
- DSR Policy
- Consent Management Policy
- Employee Notice
- PbD and PIA Policy
- Breach Response Policy
- RoPA Policy
- Vendor and Security Policy
- Privacy Notice
Myna worked closely with the client to develop a privacy program strategy that established the program structure from the ground up. This focused on compliance with all relevant global privacy regulations as well as managing the program on a global scale. Myna helped the company establish a strong, compliant privacy program across its global operations.
PROGRAM OUTCOMES
- The organization was provided a complete Privacy Program Operating Model that encompassed key observations, recommendations, risk-based business decisions to be made outlined, and the design of a new global compliance team.
- The organization was given a suite of 8 policies that were used to launch privacy program implementation and ensure compliance across multiple business regions.
- A complete data mapping inventory, covering 6+ global business regions was created. This inventory also served as a regulatory-compliant Record of Processing Activities (RoPA).