What was the challenge?
The General Data Protection Regulation is the biggest reform to data protection legislation in the UK since 1998, providing a single standard for data protection across Europe.
The client, a global pharmaceutical organisation, was challenged with implementing GDPR consistently across its European group companies. Data processes across Europe were inconsistent, and as a pharmaceutical company, the client was also responsible for processing sensitive personal data for example patient data.
To implement GDPR, the client asked Moorhouse to create a uniform set of processes across the European group, and to develop a streamlined approach that worked alongside the company’s global entity.
How did we help?
We distilled regulatory guidance to create a bespoke GDPR implementation plan for the client. Engaging with stakeholders across the European group, we performed a detailed gap analysis, and created as-is data maps to capture the flow of personal data for each business process.
Working with various stakeholders within the European group companies, we designed and implemented the to-be data processes. We also designed a user-friendly Record of Processing Activities (RoPA) template and supported the business in completing it.
Our project management support underpinned the client’s Data Subject Rights simulation testing. We supported the client to develop their European GDPR policy and provided a tailored programme of communications and training to embed the changes.
What was the impact?
Our bespoke implementation plan enabled the client to complete RoPAs across Europe and have a full set of as-is and to-be data maps, highlighting the key changes required for GDPR compliance.
By delivering an effective change management programme and tailored training across business units, we were able to establish a consistent approach to GDPR across the organisation. As a result, the client was well positioned to be GDPR compliant by 25th May 2018.
For more information please email firstname.lastname@example.org