Data Privacy (DPO)
Requirement
Assist a large e-commerce provider in implementing GDPR compliance requirements, along with putting in place a Data Protection Officer (DPO).
Issues
With more than 10 million online e-commerce transactions (and with 12% originating from the European Union), the client needed to comply with the General Data Protection Regulation (GDPR) requirements, along with putting in place a DPO.
Senior leadership wanted a comprehensive and detailed report on the entire lifecycle of consumer data throughout the organization, from initial collection to deletion.
Additional issues for the client
- No Experience with GDPR: The client had no real familiarity with data privacy laws and regulations, especially the GDPR. What’s more, they were not even sure what types of consumer data they were collecting and storing.
- No DPO: The client had no official DPO, so no one truly owned the management of the organization’s data privacy requirements as stipulated by the GDPR. Internal legal counsel was tasked with the job as a result, but had no real experience with data privacy.
- Missing Compliance Culture: Regulatory compliance had never been high on the list of organizational priorities. Additionally, management initially questioned the need for - and cost of - bringing a DPO on board.
Solution
Centris deployed a team of data privacy experts that successfully accomplished the following:
- Defined project scope and client participation.
- Identified all GDPR control gaps and made recommendations for remediation.
- Completely reviewed all organizational policy and procedure documentation and began authoring new data-privacy-specific documents for the GDPR and other privacy laws.
Outcome
- Built and deployed an extensive data privacy program - complete with policies, procedures, and processes - that successfully identified all data types and how consumer data is stored, processed, and transmitted.
- Created a true culture of compliance where employees now understand and value information security, cybersecurity, and data privacy.
- Implemented a structured DPO program consisting of monthly action items to perform, including reporting to leadership.