Our customer, a global company specialized in the design, production and sale of medical equipment with thousands of employees and more than 500 legal entities worldwide (100+ of which across Europe), had the need to achieve full GDPR compliance.
By leveraging Data Privacy and its powerful Data Discovery engine, they were able to find and classify personal data scattered throughout structured and unstructured sources and set a rigorous GDPR governance at a central level.
- Difficulty in locating personal data within a complex information system
- Every legal entity of the group (more than 100 in Europe) was redacting their Processing Activities following their own criteria, with no defined governance
- Suppliers in charge of managing the Processing Activities didn’t have a common tool to upload the related documentation, making it difficult for the DPO to unify third-party information
- Due to a lack of internal culture on personal data, employees were used to copy and archive personal data in their own, scattered locations
- Data Breach episodes were managed only at a security level, without a monitoring tool to support the DPO in and other people/entities involved in their tasks
The customer started by implementing the powerful Discovery Engine available with Primeur Data Privacy, a high-performance tool able to scan both structured and unstructured sources that allowed to find and classify all personal data scattered throughout the information system.
Leveraging the Record of Processing Activities (RoPA) module, the company easily imported the existing data (physical assets, organizational structure and descriptions), setting a more rigorous governance of the process across entities.
The platform offers interactive maps, a useful tool to highlight all the connections between involved entities and data. This feature further allowed the company to implement a centralized management of third-party suppliers, as well as the ability to react to Data Breach episodes in an accurate and timely manner.
Thanks to Primeur Data Privacy, the customer is now able to perform Personal Data Discovery and Classification on hundreds of Databases (on average 85 GB, tables with 1,000 columns and 2M lines) in just 20 minutes, with a 95% accuracy on 5 languages (It, En, De, Es, Fr).
All their 1000+ processing activities are centralized in the solution, described in a unique format throughout the globe, regularly scanned and updated through the powerful discovery engine, clearly drawn through Interactive Maps for an easy comprehension.
The Multilanguage module has been implemented to guarantee homogeneous translations of documents throughout all legal entities of multinational companies. Thanks to this module, inputs provided by the headquarter in the main company language (in this case, English) are imported and properly translated by designated translators into the destination language of each legal entity, ensuring consistency across the organization.