CASE STUDY
Privacy Program at a B2B Telecom Major
Context
The organization is a Telecom major present in 190+ countries and serves over 7,000 customers globally that represent over 300 of the Fortune 500. Historically, discrete steps around Data Privacy were taken to comply with GDPR, however a coherent holistic approach was missing.
The organization was keen to take its Privacy Initiative to the next level and build a formal Privacy Program in a structured manner given its exposure to multiple geographies as well as keeping in mind the upcoming India Privacy Bill.
Approach
Arrka conducted a pilot assessment for two areas, one for a Commercial Product, and secondly for Customer Data. The Assessment was conducted against the ‘LawAgnostic’ Arrka Privacy Implementation Framework (APIF). This was done to ensure scalability and consistency. The 2-step Assessment included: Personal Data Attribute Mapping (PDAM) and Gap Assessment based on the APIF and mapped to applicable Privacy Laws. The Assessment identified 20+ key gaps at the Product & Organization Level. These gaps informed the design and implementation planning of a Privacy Framework for the Assessed Products
Solution and Results
Law Mapping: Identified applicable laws across 60+ countries, their common elements and deltas
PDAM: Identified all PD Elements, their classification, source, applications and data flows.
Identified Organization level Gaps around areas like Organization Structure, Third Party Risk Management, Employee Awareness. Data Subject Rights Requests, Breach Notification, Privacy Impact Assessment.
Identified Product Level gaps covered areas like Privacy Notice, Consent, Legal Grounds, Data Minimization and Purpose Limitation
Program Design covered the above areas including, identification of Centralized DPO Model
Benefits
Completed Privacy Assessment covering two areas within 4 months
Assessed and benchmarked the Privacy Maturity Score
Identified over 20 key function level and organization level gaps
Improved Visibility to Personal Data by identifying 100+ PD elements
Ensured Compliance against key Audit findings
Improved Privacy Awareness among Senior Leadership by developing Senior Mgt Training Material on Privacy