US-based Global Client
(Global IT Services across 100+ countries)
The Challenge
This client approached Ringfence due to concerns about the increasing levels of assurance being sought around data protection by their Customers, including renewals for existing, significant Customers generating multi-$M revenues annually for them.
Ringfence was asked to design and implement an International Data Protection & Privacy framework for our client to provide better foundations for this globally.
Ringfence's Solution
Using Ringfence’s Information Governance pack as the underlying foundation, Ringfence worked with our client’s CPO, CISO and Security & Compliance team to “internationalise” this to meet their global requirements across multiple jurisdictions.
Data Flows documents were then created, focused initially on our client's processing of EU/UK sourced personal data/PII for Customers and Employees, to ensure that these were fully understood and being carried out safely and legally, with the improvements needed discussed and agreed with the relevant local managers.
Ringfence was also requested to ensure that this new International Data Protection & Privacy framework fully supported and was aligned to the latest ISO/IEC 27701 (Privacy) and ISO/IEC 27001 (Information Security) international standards as part of our client upgrading these. This was achieved by working with the client's global Information Security & Compliance team to rebuild the necessary process changes and documentation from the ground up and to provide support for their wider rollout.
Ringfence also provided Data Protection as a Service expertise as and when required, including specific Data Subject requests & helping our client to achieve EU-U.S. Data Privacy Framework (DPF) self-certification.
Key Outcomes
International Data Protection & Privacy framework fully established, initially populated to reflect our client's processing of EU/UK sourced personal data/PII.
Fully aligned with ISO/IEC 27701 (Privacy) and ISO/IEC 27001 (Information Security) international standards, supporting our client's successful and on-going re-certification.
Better awareness and embedding of privacy fundamentals & key controls across our client globally through training, comms, policy/process & governance improvements.
Easier and quicker provision of credible, detailed assurance to our client's Customers, particularly across the UK & EU, as part of commercial bids, tenders and renewals.