Delivering GDPR compliance and data protection confidence

Delivering GDPR compliance and data protection confidence

Supporting acquisition success for multinational manufacturer

Business drivers

Our client, a multinational manufacturer, was in the process of acquiring a small local company. Metataxis had worked with the client before to help them establish a GDPR management programme so when they needed to assess their new acquisition’s data protection maturity, they turned to us.

Key requirements

This multinational manufacturer asked us to assess the subsidiary company’s compliance with GDPR and data protection requirements. This needed to be done quickly and effectively in alignment with tight acquisition timelines.

The business also required the subsidiary company to align their policies, procedures, and practices with their own internal data protection compliance programme. This needed to be done with some sensitivity, as although this was an acquisition, both the parent client and subsidiary wanted to retain separate brands and cultures.

The Metataxis approach

To meet the client needs, Metataxis undertook the following activities:

  • Benchmarks
    We assessed the subsidiary’s personal data management against KPIs based on the parent group policies.
  • Scalable solutions
    We took the GDPR programme of the parent organisation, a global company, and scaled it to suit the business, compliance, and risk management needs of the smaller specialist business.
  • Gap analysis and action plan
    Based on benchmark results we completed a gap analysis and an action plan.
  • Data process flows
    We worked with the subsidiary to identify personal data holdings and data process flows.
  • Record of Processing Activities (ROPA) and retention schedule
    We mapped personal data processes to the parent company ROPA and identified assets to be added to the Retention Schedule.
  • Guidance and tools
    We created reusable and scalable assessment tools and provided guidance for the Group to use for measuring the compliance of future acquisitions.
GDPR and data protection

Business benefits

Our work provided the manufacturer with the assurance they needed that the subsidiary company they were in the process of acquiring did not carry any unmanageable liabilities. Once acquired, we were able to find a way to enable the subsidiary to be brought into alignment with this large multinational company, that was also compatible with the requirements of their business.

During the benchmarking phase, Metataxis provided templates and spent time sharing our knowledge with practitioners working at the company. This allowed them to learn how to bring in future acquisitions in line with their own GDPR programme, giving them the self-sufficiency to carry our methods forward independently. This was important to our client as they make acquisitions regularly and really appreciated how we integrated data protection into their overall approach to make this easier for them to do.

More success stories

Go to Top