• AU
Choose your location?
  • Global Global
  • Australian flag Australia
  • French flag France
  • German flag Germany
  • Irish flag Ireland
  • Italian flag Italy
  • Polish flag Poland
  • Qatar flag Qatar
  • Spanish flag Spain
  • UAE flag UAE
  • UK flag UK

Case Study: Privacy Support for Global Financial Services Organisation

22 October 2024
We helped our global financial services client to manage data protection processes including their global privacy mailbox, management of transfer agreements and employee DSARs, freeing up their internal privacy specialists for matters of more strategic importance. 

1. What Was the Situation? 

Our client, a global financial services organisation, faced increasing pressure to manage their day-to-day data protection workload. The client required assistance in managing their global privacy mailbox, handling consumer and employee DSARs, and ensuring ongoing compliance with complex data transfer requirements, such as transfer impact assessments (TIAs). Additionally, the client needed to maintain up-to-date intra-group data transfer agreements, respond to data protection due diligence questionnaires, and provide senior management with key privacy metrics. 

The client needed a solution that could address these demands and ease the pressure on existing team members so that they could focus on more complex and strategic projects.  

2. How Did We Help the Client? 

We deployed a team of two junior privacy professionals to support the client in handling a broad range of tasks. The junior team members were integrated into the client’s existing team and were responsible for the following: 

  • Managing the global privacy mailbox: Triaging incoming queries, ensuring they reached the appropriate business contacts swiftly and efficiently.
  • Handling data subject access requests (DSARs): Supporting the internal team with both consumer and employee DSARs, helping gather and review the necessary information.
  • Completing transfer impact assessments (TIAs): Assisting with the management and completion of TIAs in accordance with the client’s policies and procedures. 
  • Maintaining the intra-group data transfer agreement (IGTA): Updating the client’s global IGTA to reflect new entities and changing data transfer activities.
  • Handling data protection due diligence questionnaires: Responding to these questionnaires from third-party vendors and partners, ensuring that data protection standards followed by the client were clearly communicated.
  • Maintaining ICO registrations: Ensuring that the client’s registrations with ICO were up to date. 
  • Reviewing and completing sub-processor lists: Reviewing sub-processor lists and ensuring that they were accurately maintained.
  • Preparing weekly privacy reports: Compiling weekly reports for senior management, providing data protection KPIs. 

3. How Did They Benefit? 

By providing a skilled team of junior privacy professionals to manage these ongoing tasks, the client was able to focus their internal privacy resources on more complex and strategic projects.

At the same time, the client had the comfort that day-to-day activities (such as DSARs and TIAs) were being handled efficiently, allowing the internal team to focus on critical decision-making. The client also avoided the need for permanent hires, instead relying on flexible support that scaled with their needs. 

Find out more about how we can help you manage short-term challenges and keep your projects on track with our Data Protection Extend & Accelerate service

Further Reading