
Data Privacy & Data Mapping

Requirement

Assist one of North America’s largest providers of home workout equipment (client) with a comprehensive data mapping exercise regarding consumer data that was being collected.

Issues

The client was experiencing record growth due to the COVID-19 pandemic, but was also concerned about the large amounts of consumer data it was collecting, much of it highly sensitive because it was deemed to be healthcare-related data.

Senior leadership wanted a comprehensive and detailed report on the entire lifecycle of consumer data throughout the organization, from initial collection to deletion.

Additional issues for the client

No Experience with Data Privacy Compliance: The client had no real familiarity with data privacy laws and, because of this, had never taken on any meaningful data mapping exercise. What’s more, they were not even sure what types of consumer data they were collecting and storing.

No Compliance Officer: The client had no official compliance officer, so no one truly owned the data mapping project. As a result, the Director of I.T. was tasked with the job, but had no real experience with data privacy.

Missing Compliance Culture: Regulatory compliance was never a high organizational priority. Additionally, management often questioned why such a heavy investment in time and money was necessary.

Solution

Centris deployed a team of data privacy experts that successfully accomplished the following:

  • Defined project scope and client participation.
  • Identified all control gaps and recommendations for remediation.
  • Completely reviewed all InfoSec documentation and began authoring new data privacy specific policies and procedures.
  • Established contact and working relationships with all in-scope third-party vendors (i.e., managed security services providers) and began implementing a workable Third-Party Risk Management (TPRM) program.

Outcome

  • Built and deployed an extensive data privacy program, complete with policies, procedures, and processes, that successfully identified all data types and how such data is being stored, processed, and transmitted.
  • Created a true culture of compliance where employees now understand and value information security, cybersecurity, and data privacy.
  • Implemented a data privacy continuous monitoring program to ensure controls are properly monitored long after the consultants are gone.

Duration: 4.5 Months



Why Centris
As an internationally recognized business consulting firm, our highly trained employees work in every conceivable industry/sector in the global business arena. Centris has the knowledge and expertise you need for solving the challenges you’re facing. Our professionals are at the forefront of many of today’s most pressing risk, privacy, cybersecurity and compliance issues affecting organizations. We have a deep bench of talented professionals ready to go to work for you.