Challenges

  • Become General Data Protection Regulation (GDPR) compliant
  • Understand and document how personal data is captured, managed, and processed
  • Incomplete understanding of risk and compliance requirements

Results

  • Implement Privacy-by-Design framework to proactively manage privacy across the business
  • Using the collaborative platform, the DPO can monitor, track, and report GDPR compliance status in real time
  • Greater visibility and contextualization enabled simplification of processing activities by 80%

Become GDPR-compliant and document how personal data is captured, managed, and processed

When the European Union’s General Data Protection Regulation (GDPR) came into effect, a $700M US-based global software company knew it would be impacted and needed to prepare for this new data privacy regulation to protect EU citizens’ data privacy. To be compliant with GDPR, companies must understand and document how they capture, manage, and process personal data. This can be very complex in large global organizations where several departments manage personal data across multiple locations and business units. Without this visibility, companies have an incomplete understanding of the risk and compliance requirements they must meet under GDPR's more stringent regulatory reporting mandates.

The Company was attracted to MEGA’s HOPEX platform because it could provide a GDPR compliance solution along with a detailed analysis of the dependent IT assets. As part of the competitive vendor review process, MEGA provided the Company with a Proof of Concept (PoC) to test drive the HOPEX Privacy Management solution. The Company selected MEGA because of our industry-leading approach to privacy management, whereby mapping dependent IT assets provides important context for privacy requirements and remediation. Further, using the HOPEX platform would give the Company the opportunity to create a Privacy-by-Design framework to further embed privacy into the design of systems and processes.

“Thanks to the integration with the HOPEX Enterprise Architecture solutions, HOPEX Privacy Management boosts the true benefits of our data protection compliance program, ensuring all new processes and IT applications comply with data protection regulations from day one. Further, this connection has enabled our company to implement Privacy-By-Design and move beyond check-the-box compliance and rather focus on a comprehensive risk-based approach.”
CIO of US-based Global Software Company

Comply with regulations, identify regulatory gaps, implement remediation, and produce documentation

This US-based global software company implemented MEGA’s HOPEX Privacy Management solution to guide the company towards compliance with data protection regulations, identify regulatory gaps, implement necessary remediation actions, and automatically produce documents required by the regulator to demonstrate accountability. This solution focused on four main areas:

  • Produce risk and impact assessment - With the ability to capture and fully understand the impact of their assets, the Company assessed its processing activities based on risk in relation to two primary GDPR criteria: Data Categories and Data Subjects. Based on the assessment, HOPEX provided a data protection impact assessment.
  • Create accountability and centralized communication - Taking advantage of the HOPEX multi-user platform, the Company centralized its privacy management while ensuring accountability was distributed to the appropriate stakeholders, and thus established HOPEX as a powerful communication tool for corporate governance and privacy compliance.
  • Produce regulatory documentation - Through the solution’s single shared collaborative platform, the Company enabled stakeholders to produce regulatory documents for worldwide data protection legislation. Further, the Company managed third-party contractual clauses and notice templates and created procedures for the management of data breaches and data subjects’ rights.
  • Connect to Process and IT – Using HOPEX’s broader enterprise architecture platform, the Company was able to ensure all new processes and IT applications comply with data protection regulations.

Achieve GDPR compliance and implement a Privacy-by-Design framework

The Company successfully complied with GDPR, identified critical processing activities that required quick intervention to increase GDPR compliance, and reduced existing risks. Other key benefits the Company realized from implementing MEGA’s HOPEX Privacy Management solution include the ability to:

  • Monitor progress - A collaborative environment ensured efficient and effective involvement of all necessary stakeholders and gave the Company’s Data Protection Officer (DPO) the means to monitor, track, and report the status and results of GDPR compliance.
  • Reduce processes and risks – HOPEX provided greater visibility and contextualization, enabling the Company to simplify processing activities by 80% and prioritize remediation actions to efficiently reduce compliance risks.
  • Implement Privacy-by-Design – The HOPEX platform and its additional enterprise architecture solutions provided the ability for the Company to proactively embed privacy into the design and operation of their IT systems, network infrastructure, and business practices.

Solutions

  • HOPEX Privacy Management
  • HOPEX Platform
  • MEGA Services Team
