Preparing an enterprise client for data privacy regulations

At a glance

Our team assessed the data of an enterprise client’s device analytics team, mapped how that data is routed through their organization, then helped them achieve data readiness through improved documentation and interdepartmental communication.

Customer challenge

Similar to many organizations today, our client was overwhelmed by the magnitude of data privacy compliance. They were aware of existing regulations and the need to evaluate and adjust their practices, but they didn’t know where to start.

On their device analytics team, the challenges included:

• High data volume (sometimes up to 300 million records per day)
• Limited visibility into how data was collected
• Fluctuating data volume
• High volume/low ROI of analytics reports
• Lack of data governance and data lineage

Approach and solution

Our approach was a simple one:

• Talk to everyone involved with the data.
• Give them a clear understanding of that data.
• Create documentation and processes to help teams interact with that data in a proactive and regulation-compliant manner.
• Teach the teams to integrate these new tools in a way that would last.

First, we conducted interviews across 11 lines of business that touch the data in question. We asked questions about:

• What types of data they use (specifically personally-identifiable information)
• What they use the data for
• How they gain access to the data
• Where the data is sent when their task is finished

Next, we created Visio diagrams to map how data travels within the organization: from team to team, location to location, etc. We also created process documents like checklists, workflows, and more. These documents formed a comprehensive overview of the lifecycle of each piece of data and demonstrated to stakeholders their own role in protecting it. This type of documentation serves as evidence of how the organization’s practices fit into existing data privacy regulations.

Finally, we did an assessment of how the teams could integrate these new data privacy standards and practices, sometimes referred to as operationalizing data privacy. With these recommendations in hand, the team felt informed and well prepared for current and future data privacy regulations.

Value and benefits – “The Wins”

Thanks to our completion of this initiative, our client has:

• A clear picture of what data they have, what they are doing with it, where it goes, and how it’s being used by 12+ LOBs across the organization.
• Data privacy documentation, guidance, and structure to maintain readiness for over 400 lines of data.
• Knowledge of how to optimize and automate their own data privacy processes to remain ready.
• Two completely new processes to optimize efficiency in consolidating information and sharing data.