1. What Was the Situation?
Our client, a global financial services organisation, faced increasing pressure to manage their day-to-day data protection workload. The client required assistance in managing their global privacy mailbox, handling consumer and employee DSARs, and ensuring ongoing compliance with complex data transfer requirements, such as transfer impact assessments (TIAs). Additionally, the client needed to maintain up-to-date intra-group data transfer agreements, respond to data protection due diligence questionnaires, and provide senior management with key privacy metrics.
The client needed a solution that could address these demands and ease the pressure on existing team members so that they could focus on more complex and strategic projects.
2. How Did We Help the Client?
We deployed a team of two junior privacy professionals to support the client in handling a broad range of tasks. The junior team members were integrated into the client’s existing team and were responsible for the following:
- Managing the global privacy mailbox: Triaging incoming queries, ensuring they reached the appropriate business contacts swiftly and efficiently.
- Handling data subject access requests (DSARs): Supporting the internal team with both consumer and employee DSARs, helping gather and review the necessary information.
- Completing transfer impact assessments (TIAs): Assisting with the management and completion of TIAs in accordance with the client’s policies and procedures.
- Maintaining the intra-group data transfer agreement (IGTA): Updating the client’s global IGTA to reflect new entities and changing data transfer activities.
- Handling data protection due diligence questionnaires: Responding to these questionnaires from third-party vendors and partners, ensuring that data protection standards followed by the client were clearly communicated.
- Maintaining ICO registrations: Ensuring that the client’s registrations with ICO were up to date.
- Reviewing and completing sub-processor lists: Reviewing sub-processor lists and ensuring that they were accurately maintained.
- Preparing weekly privacy reports: Compiling weekly reports for senior management, providing data protection KPIs.
3. How Did They Benefit?
By providing a skilled team of junior privacy professionals to manage these ongoing tasks, the client was able to focus their internal privacy resources on more complex and strategic projects.
At the same time, the client had the comfort that day-to-day activities (such as DSARs and TIAs) were being handled efficiently, allowing the internal team to focus on critical decision-making. The client also avoided the need for permanent hires, instead relying on flexible support that scaled with their needs.
