Delivering GDPR compliance and data protection confidence
The Metataxis approach
- We assessed the subsidiary’s personal data management against KPIs based on the parent group policies.
- Scalable solutions
- We took the GDPR programme of the parent organisation, a global company, and scaled it to suit the business, compliance, and risk management needs of the smaller specialist business.
- Gap analysis and action plan
Based on benchmark results we completed a gap analysis and an action plan.
- Data process flows
- We worked with the subsidiary to identify personal data holdings and data process flows.
- Record of Processing Activities (ROPA) and retention schedule
- We mapped personal data processes to the parent company ROPA and identified assets to be added to the Retention Schedule.
- Guidance and tools
- We created reusable and scalable assessment tools and provided guidance for the Group to use for measuring the compliance of future acquisitions.
Our work provided the manufacturer with the assurance they needed that the subsidiary company they were in the process of acquiring did not carry any unmanageable liabilities. Once acquired, we were able to find a way to enable the subsidiary to be brought into alignment with this large multinational company, that was also compatible with the requirements of their business.
During the benchmarking phase, Metataxis provided templates and spent time sharing our knowledge with practitioners working at the company. This allowed them to learn how to bring in future acquisitions in line with their own GDPR programme, giving them the self-sufficiency to carry our methods forward independently. This was important to our client as they make acquisitions regularly and really appreciated how we integrated data protection into their overall approach to make this easier for them to do.
Read more of our case studies here.