PROJECTS 08

Introduction
The client, a global search provider, operated across the US, Europe, the Middle East, Australia, and Asia, supporting major companies in life sciences, finance, and professional services. Facing the GDPR compliance deadline of 25th May 2018, the client needed to achieve 60% compliance within six weeks to avoid significant fines.
The Challenge
Client Need
-
Ensure at least 60% GDPR compliance within a six-week timeframe, by 25th May 2018.
-
Avoid substantial fines associated with non-compliance.
-
Ensure operations across multiple regions adhered to new GDPR regulations.
-
Develop comprehensive GDPR policies.
-
Train staff on GDPR requirements and best practices.
-
Implement robust data management and business continuity processes
The Obstacles
-
With the GDPR deadline looming, there was immense pressure to implement the necessary changes within a very short period.
-
Financial constraints demanded cost-effective solutions without compromising on quality.
-
Identifying and mitigating risks associated with non-compliance was crucial, necessitating thorough assessments and strategic planning.
-
Ensuring all staff were adequately trained and informed about GDPR requirements posed a substantial challenge.
Client's Initial State
-
Efforts were made to draft GDPR policies, but these were incomplete and lacked the comprehensive detail required.
-
Some initial training sessions were held, but they were insufficient in scope and depth.
-
Allocated internal resources to address GDPR requirements but struggled with effective project management and prioritisation.
-
Attempts to engage other consultants did not yield the desired results due to a lack of expertise or alignment with the client’s specific needs.
Our Solution
Evance Consulting implemented a robust and agile approach, integrating business change analysis with strategic project management. This enabled a comprehensive response to the client's needs within the stringent timeframe. Key actions included:
Strategic Planning, Alignment and Implementation
-
Collaborated closely with the CFO and CEO to establish clear business requirements and priorities, ensuring alignment with organisational goals.
​
-
Conducted a thorough information audit and mapped data flows to pinpoint compliance gaps and areas of risk.
​
-
Defined current business processes (As-Is) and gathered detailed requirements to inform the development of new, compliant processes.
​
-
Performed detailed risk and impact assessments to identify potential compliance threats and develop mitigation strategies.
​
-
Created and tailored new GDPR and Data Protection Act 2018 policies, along with 22 detailed policy and procedure documents.
-
Delivered extensive GDPR training across the organisation, ensuring all staff were aware of and understood the new policies.
​
-
Provided recommendations and a framework for ongoing compliance, ensuring the client could maintain adherence to GDPR standards beyond the initial implementation.
​
The Outcome
-
Achieved 70% GDPR compliance, surpassing the initial target by 10% and ensuring robust adherence to regulatory requirements.
​
-
Met the critical GDPR readiness deadline within just three weeks, ensuring the client avoided potential fines and operational disruptions.
​
-
Deployed a comprehensive suite of data-compliant policies and procedures, including a new website privacy policy, setting a strong foundation for future compliance.
​
-
Successfully trained all staff on GDPR compliance, fostering a culture of data protection and privacy awareness throughout the organisation.
​
-
Established meticulously efficient business processes in a previously disorganised and change-resistant environment, enabling better risk management and operational continuity.
​

Conclusion
The successful delivery of this project hinged on the decisive buy-in from the CEO and CFO, along with their trust in Evance Consulting's expertise. By identifying and agreeing on a minimum viable product and leveraging a strategic, iterative approach, we achieved and exceeded the client's compliance objectives. This project not only ensured immediate GDPR compliance but also laid the groundwork for sustained data protection practices within the organisation.
To discover how Evance Consulting can help transform your organisation's processes and increase efficiency, contact us today.
Power in Numbers
70%
GDPR compliance, surpassing the initial target by 10% and ensuring robust adherence to regulatory requirements.
22
Detailed policy and procedure documents created and rolled-out.
6wks
Successful completion of the entire GDPR compliance project from initial assessment to full implementation and training.