Turning new data privacy rules into an opportunity to strengthen customer trust
Setting a global best practice in data privacy
Developed a solution aligned to all international standards for data privacy
Enabled the institution's clients and customers in 80+ countries to raise data privacy standards
Established the institution's reputation as a world-leader in data privacy
The institution uses investment as a tool to build market economies and invests in projects that strengthen developing economies by making them more competitive, well-governed, green, inclusive, resilient and integrated. Since its creation in 1991, the institution has invested over €130 billion in more than 5,200 projects.
The institution holds personal data for some 30,000 current and previous employees. It also holds highly sensitive data generated by pre-investment due diligence. The institution isn’t required to follow any data privacy regulation worldwide, due to its supranational status making the organisation exempt from any local or national laws, but wanted to adhere to global good practices. With clients across three different continents, the institution sought to be a leader in data privacy. So the institution needed an approach that took account both of data privacy regulation in Europe (GDPR) and of different approaches in other jurisdictions.
Our team began by mapping (across 11 different departments) how the institution generates, stores and shares personal data. We also reviewed 40+ directives and policy and procedural documents to understand existing data privacy arrangements. Then we made recommendations on how to incorporate world-leading data privacy practices into the ongoing IT and digital transformation.
This work demanded leading-edge expertise in data privacy, skills in data analytics and IT transformation, and considerable ingenuity: we needed a solution that set the standard for all the institution's international clients and customers, whether in Europe, Africa or Asia. We based our approach around architectural patterns in the institution's new IT systems. As a result, our recommended data privacy requirements can be replicated in any systems where the same patterns occur.
Our work not only creates a practical template to help the institution achieve the most appropriate standards in data protection. It also establishes the institution's reputation as the leading supranational organisation on data privacy.