Case study

Leveraging cyberthreat intelligence to understand potential threats

RSM's cyberthreat intelligence team helps organizations protect themselves from cyberthreats and make better risk-informed decisions.

November 9, 2020

Cybersecurity consulting | M&A integration | Cybersecurity

Overview

Our client is a leading European provider of integrated water and coffee solutions. The company currently has nearly 3,000 employees, a distribution network across Europe that includes production facilities, a fleet of more than 1,000 service vehicles, and dozens of local water sources.

Background

With the European Union’s General Data Protection Regulation (GDPR) enforcement deadline approaching in May 2018, the company proactively sought outside assistance to get ahead of the GDPR and implement an effective compliance program. The company was required to comply with the new law because it has operations in 15 European Economic Area (EEA) countries and processes data for thousands of European clients. However, it did not fully understand which of the personal data it held was subject to the GDPR, or how to achieve compliance with the new privacy obligations.

In many cases, companies attempt to assess and adjust their data processing internally, but do not understand the expansive scope of the GDPR’s requirements and the compliance challenges that often arise. Seemingly familiar terms, such as “personal data” and “processing,” have specific and broad meanings under the GDPR, and companies are not necessarily familiar with the applicable definitions.

Project

RSM was chosen to help the company based on the team’s collaborative approach and proven experience with GDPR compliance, as well as its broad and successful relationship with the company’s U.S. parent in several key risk management areas.

For the company, establishing a governance structure was the first step toward GDPR compliance. Therefore, the RSM team initially established a project management office and steering committee to guide the significant amount of work necessary to adhere to the GDPR.

RSM then brought every key stakeholder responsible for GDPR compliance to the company’s European headquarters and led a daylong education and planning session. The session covered the full scope of the GDPR, including its implications and requirements, as well as initial projections of how business processes would need to change.

“Many stakeholders were unfamiliar with GDPR and didn’t really have a clear sense of how much it was going to affect the company,” the client said. “We didn’t necessarily think of ourselves as a company that holds personal data, so, on our own, we would have thought that it wouldn’t really affect us. So setting up the initial kickoff was critical for us in defining the scope of the project.”

Next, the RSM team conducted a thorough data mapping exercise. The business is widely distributed, each country has its own specific processes, and there was no centralized data register recording how much data was held, its purpose, or its significance in the context of the GDPR. RSM worked with the organization at both a corporate and a country level to understand what data the company held, how the data was used, and, more importantly, why and how the data was processed.

“RSM held discovery sessions with all of the markets, considering which of the data they held was affected by the GDPR,” the client commented. “They considered the systems in place and spoke cross-functionally to the marketing and IT teams to understand the organization on an individual market level, where the data resided, and how it was stored and used.”

Gathering the information was a complex process, with RSM leveraging its global footprint and ability to work efficiently in native languages on the ground in all countries, including the U.K., Germany, France and Poland. It was an eye-opening exercise for the company, which realized how much data it really held and how much of that data was subject to GDPR requirements.

“The relationship with RSM helped us achieve our goals from a GDPR perspective, and that gives me comfort when I hear about compliance fines and the answers that the fined companies were unable to provide. I am confident that we have the answers to those questions and can demonstrate that we have done everything we can to comply, which is a big issue for the GDPR.”

After establishing how much data the company had, RSM developed a GDPR gap assessment and detailed implementation plan to determine what was needed to fully achieve compliance. Nearly 200 items were assessed, and RSM worked closely with company stakeholders to address any potential gaps and help create an effective GDPR compliance implementation framework.

For example, RSM evaluated the company’s websites and direct marketing strategies to determine how they conformed with GDPR guidelines and national laws. The regulation is intended to be uniform across Europe, but differences between countries do exist, since half of its articles defer to European Union member states for specific national implementation details.

In fact, much of the work RSM performed helped the company understand and comply with data privacy requirements not only at the broad GDPR level, but at the individual country level as well. RSM helped the company decide where a pan-European policy would satisfy the requirements and where a national approach had to be taken on a country-by-country basis. For example, for website cookies, RSM developed and implemented a strategy that aligned with the most stringent national regulation and applied it across all markets, which was more efficient than a country-by-country approach.

“Beyond understanding what data we have and where it is kept, we learned a lot about our own business through the GDPR implementation,” the client said. “I think we are now much more attuned to the concept of data minimization. Our data retention policy has been completely revised as a result of the GDPR implementation, and we give far greater consideration to the risk profile of any company with whom we are contemplating a data processing agreement.”

Complying with the GDPR is a considerable undertaking, and many companies do not understand how much data they have or how the law will affect existing business processes. RSM collaborated with key stakeholders to revise and create policies and procedures, and developed an effective compliance framework that can also serve as a basis for additional privacy regulations.

“RSM helped us build a sustainable compliance framework and emphasized that it was not enough to only exert effort leading up to the enforcement date; we have to maintain and supplement the information gathered during the project,” the client said. “It is a living, breathing regulation. If a regulator comes by six months or a year from now and wants to see what you’ve done in terms of GDPR compliance, you have to have something tangible to hand over. In addition, the framework developed for us by RSM is reusable and is now being leveraged as we plan for the implementation of the California Consumer Privacy Act.”

Results

In the end, RSM created a top-down, proactive GDPR compliance program, working hand in hand with the company. The RSM team collaborated with stakeholders to understand the company’s current processes and where enhancements needed to be made to align with the GDPR. The RSM team ultimately established a comprehensive data privacy foundation for the company, leveraging experienced resources in several countries to drive compliance from both a GDPR and an individual country perspective.

Key benefits of RSM’s services to the client included:

  • A collaborative approach, working in close cooperation with client management and both internal and outside counsel to achieve compliance in the most efficient manner
  • Creation of a comprehensive GDPR governance program, specifically tailored to the business
  • Development of an extensive gap assessment and implementation plan to address any data privacy vulnerabilities
  • Development of GDPR-compliant business processes across the organization
  • A comprehensive training program, making stakeholders aware of their GDPR roles and responsibilities

RSM contributors

  • Wanda (surname garbled in source)
    Director
  • Maggie Coleman
    Supervisor
