B R Maheswari & Co Limited (BRMCO) recently advised and assisted a leading Indian cloud communications company with significant operations in the EU to ready its policies and processes to comply with stringent GDPR provisions.

What follows is a case study outlining how BRMCO achieved this, from problem recognition to results.

Challenge 

The client completely lacked any understanding of GDPR provisions and what they needed to do as an organisation to be compliant. Their Data Protection Policy was almost non-existent. Due to a lack of awareness, not even the most basic registrations with the Information Commissioner’s Office had been completed, while policies were not comprehensive enough to comply with the provisions of GDPR.

Solution

The BRMCO team imparted training on the provisions of GDPR using an online training platform to make the staff aware of the repercussions of non-compliance. Necessary registrations with authorities were obtained, and policies and procedures to comply with the regulations were created and implemented for the client.

Results

Due to the training, the staff started understanding the relevance of personal data and how to restrict the use of Personal Data, especially Sensitive Personal Data. Further training sessions were held, making Data Subjects aware of what personal data was being collected, while they were also made aware of their rights. 

After completing a series of IT Systems reviews, Data Protection and Data Destruction Policies were created, backups were encrypted and pseudonymised, and breach incident logs and reports were created.

Akshay Maheswari, Managing Partner at BRMCO, comments:

“With the GDPR directives converting into a Regulation, our client wanted to be GDPR compliant but had little to no understanding of the compliance requirements or Registrations required under the regulation. We:

  • helped them understand the requirements of the regulation;
  • directed and guided them through the necessary registrations;
  • assisted in internalising the GDPR provisions through the tech team with internal training;
  • performed necessary audit checks, identifying and providing solutions to mitigate the gaps;
  • got the compliance team geared up to perform future monitoring and reporting.”