On the Journey to GDPR Compliance

In partnership with Bird & Bird, OXYGY developed a GDPR compliance strategy for a global consumer products manufacturer across 18 countries. We focused on five major workstreams: Legal, IT & systems, Data Governance, Change Management and Project Management, engaging key decision makers across the company for accelerated adoption and long-term sustainability.

Do you want to know more? Please have a look below

What was the challenge?

At the beginning of the engagement, there was a lack of ownership and expertise on the topic of data privacy and the client had just introduced a new data management software, (OneTrust) which required the development of both functional and technical skills. Recognizing that achieving both reliable data management and governance presents significant challenges, we approached both issues with a holistic, systematic approach that combined technical and organizational solutions.

What we did

We provided “hands-on” project management support, including IT system administration and process design. We built internal data privacy capabilities and an effective data governance model, training data custodians in each market to take ownership of local data privacy matters and ensure ongoing compliance.

What was the outcome?

We implemented required documentation, introduced new processes for data breach and data subject requests and built a fully functioning governance team to address current and emerging data privacy challenges, according to a planned cadence.

The approach was so successful that OXYGY has been asked to support the same organization for the CCPA (California Consumer Privacy Act) compliance strategy.