A client was struggling to evolve its management control framework as it saw European Data Privacy laws become stricter.
The organisation was already operating in a highly regulated environment. As a result, the concepts of three lines of defense, risk appetite and fines were already understood. However, as in many large organisations, the key challenge was to understand the company structure, to define the accountabilities and responsibilities people should be tasked with, and to capture the foundational data required to gain control.
A six-month programme was conducted to deliver the core data required for the framework. As part of the work, key ‘Governors’, ‘Owners’ and ‘Stewards’ were identified. Their responsibilities were communicated to them and training was provided. The topic of Data Privacy and Data Security was integrated into the company risk framework, with annual repeat Data Privacy training planned and aligned to FCA and anti-bribery training.
The programme worked closely with Legal, HR, IT and operations. The end result was an increased awareness of Data Privacy, with a clear, auditable Data Privacy framework.