CASE STUDY

Privacy Program at a B2B Telecom Major

Context

The organization is a Telecom major present in 190+ countries and serves over 7,000 customers globally that represent over 300 of the Fortune 500. Historically, discrete steps around Data Privacy were taken to comply with GDPR, however a coherent holistic approach was missing.  

The organization was keen to take its Privacy Initiative to the next level and build a formal Privacy Program in a structured manner given its exposure to multiple geographies as well as keeping in mind the upcoming India Privacy Bill. 

Approach

Arrka conducted a pilot assessment for two areas, one for a Commercial Product, and secondly for Customer Data. The Assessment was conducted against the LawAgnosticArrka Privacy Implementation Framework (APIF). This was done to ensure scalability and consistency.​ The 2-step Assessment included:​ Personal Data Attribute Mapping (PDAM) and Gap Assessment based on the APIF and mapped to applicable Privacy Laws. The Assessment identified 20+ key gaps at the Product & Organization Level. ​ These gaps informed the design and implementation planning of a Privacy Framework for the Assessed Products 

Solution and Results

Law Mapping: Identified applicable laws across 60+ countries, their common elements and deltas​

PDAM: Identified all PD Elements, their classification, source, applications and data flows.  ​

Identified Organization level Gaps around areas like Organization Structure, Third Party Risk Management, Employee Awareness. Data Subject Rights Requests, Breach Notification, Privacy Impact Assessment. ​

Identified Product Level gaps covered areas like Privacy Notice, Consent, Legal Grounds, Data Minimization and Purpose Limitation​

Program Design covered the above areas including, identification of Centralized DPO Model​

Benefits

Completed Privacy Assessment covering two areas within 4 months​

Assessed and benchmarked the Privacy Maturity Score ​

Identified over 20 key function level and organization level gaps​

Improved Visibility to Personal Data by identifying 100+ PD elements​

Ensured Compliance against key Audit findings​

Improved Privacy Awareness among Senior Leadership by developing Senior Mgt Training Material on Privacy