    Mazars Cybersecurity: GDPR

Beverage Company – Data Subject Rights (DSR) Requests


The Challenge

As part of its operations, the Marketing department of a large US-based beverage company collected and processed large amounts of personal data on customers in multiple countries. Because some of their operations fell under the jurisdiction of the European Union, they needed to assess their operational compliance with the privacy policy rules under the EU’s General Data Protection Regulation (GDPR).

In particular, they were concerned about being fined for non-compliance, or losing market share if they were subjected to sanctions requiring them to temporarily cease operations. They also recognized that if they were found not to be compliant, other compliant companies would not do business with them. The company initially tried to do this assessment in-house. However, it was taking 30 days to respond to Data Subject Rights (DSR) requests, which was the maximum time allowed by law, when it should have taken only two days to respond. It was also taking an average of 200 work hours to complete each DSR, instead of the eight hours or less that was budgeted.

As a result, qualified resources were being exhausted, and they would be stressed even further with an expected increase in demand – which, in itself, could result in an investigation and a potential fine.

Making matters worse, the company’s IT systems were located in multiple regions, causing an additional challenge, because evaluating the infrastructure of all subsidiaries was within the project scope.


How Mazars Helped

The company asked Mazars to assist in developing a viable DSR program, based on IT-related auditing and consulting work that Mazars had done for them in the past.

In less than four weeks, Mazars, working together with the client’s IT, Compliance and Legal departments, developed a GDPR-compliant DSR program that enabled the company to perform DSRs on 20+ selected systems within one week, in less than 40 working hours – a fraction of the time it had previously taken them.


Results

By adopting Mazars’s approach, the company was able to perform roughly five DSRs per month using only one person, instead of four to five people per DSR. Given that the subject matter expertise required to complete DSRs is an expensive resource (roughly $150k-$200k per FTE), the customer was able to avoid hiring an additional six resources, creating a savings in excess of $1 million annually.

And, best of all, the company’s senior executives now have a high level of comfort that the risk of fines, and the associated impact on the brand’s reputation, have been minimized.


Contact

Atif Ghauri | Principal, Cybersecurity Practice Leader | P: 267.254.8040 | E: [email protected]

Phillip Jones | Director – Cybersecurity | P: 813.760.5347 | E: [email protected]

 

