GDPR introduces strict new rules for how companies obtain, store and share personal data. We helped a leading multinational pharmaceutical company get ready for the regulation by implementing a new data privacy framework across the organisation. The new model builds data privacy into everyday processes, so that they can demonstrate to all their stakeholders that it’s serious about managing their personal data.
Key successes included:
GETTING READY FOR GDPR
Sharing our personal data with companies helps them develop the products and services we need. But before we hand our data over, we want to be confident companies will keep it safe. That’s what the EU’s General Data Protection Regulation (GDPR) aims to achieve. It sets out strict rules for how companies obtain, store and share our personal data.
The leading pharmaceutical company has business units worldwide, developing and selling products as diverse as vaccines, medicines and healthcare products to many different types of customer. GDPR meant they needed to be sure every part of this extensive and diverse organisation was collecting, storing and sharing data appropriately. We worked with them to ensure that they adopted GDPR and demonstrated to their stakeholders that they take data privacy seriously.
DEALING WITH UNCERTAINTY
We put together a diverse team of experts to work alongside their team in partnership to plan and implement an effective data privacy framework and operating model based upon GDPR. Our team included experts in data privacy, project management, IT delivery, policy development, change management and business design.
The first task was to understand the scale of the challenge. As the sheer number of systems and processes affected by GDPR became apparent, we worked with them and their external legal advisors to identify the areas of highest priority and focused our efforts on these first.
Although we put in place a clear plan to deliver the changes required ahead of the May 2018 GDPR deadline, we had to manage the uncertainty that stemmed from the fact that the rules were changing as we delivered the project. That’s because during this time European regulators issued rolling guidance on how GDPR should be implemented in individual countries. Our approach to ‘building the plane while flying’ required flexibility and pragmatism.
SHARING OUR EXPERTISE FOR A NEW CAPABILITY
We developed the programme to meet the required timescales, ensuring we helped them set up an internal capability to address data privacy issues across their global business in the future. This included helping onboard over 50 new team members. The new capability means they are well placed to manage the privacy risks from new digital technologies such as Artificial Intelligence as they emerge.
Our work helps them achieve GDPR compliance as efficiently as possible. Data privacy practices are integrated into ‘business as usual’ processes and designed into any new projects and activities. For our client, complying with GDPR has become about much more than avoiding fines for non-compliance. Their commitment to looking after stakeholder’s personal data is reinforcing stakeholder trust and helping it build loyalty and competitive advantage in global pharmaceutical markets.