An Engineering Firm Prepares to Align with the EU’s New Personal Data Privacy Regulation
Primitive Logic helped this global engineering firm prepare its policies, procedures, and applications for compliance with the EU GDPR.
A large global engineering firm with a strong presence in Europe was facing a massive undertaking to align its policies and applications with the European Union’s General Data Protection Regulation (GDPR). Fortunately, the firm was already working with Primitive Logic on a data security project, and they leveraged our master data management and compliance expertise to lay the foundation of a GDPR remediation plan.
GDPR compliance became a top priority for our client. The program lead recognized that the organization needed a readiness plan, as the regulation impacts the handling of personally identifiable information for their employees and partners across Europe.
The regulation encompasses 99 articles — many of which allow ample room for interpretation — leaving the company with the task of determining which of its existing policies and procedures must be updated and which new ones must be added. On the software side, the company had grown through acquisition and many acquired firms had maintained their existing applications. This situation created an extensive matrix of properties that had to be assessed for compliance with the GDPR’s data protection requirements.
Why They Chose Primitive Logic
Our client had previously engaged Primitive Logic to gain better control over the handling of their secure data, and they were also familiar with our extensive expertise in enterprise data management. When the GDPR project was ready to start, our broad experience in regulatory compliance and our understanding of our client’s systems made us the obvious choice to get them on track for readiness.
Primitive Logic is currently working with our client to align with the GDPR on two fronts: policies/procedures and applications.
On the policies and procedures side, our team has analyzed all 99 articles of the GDPR to identify the requirements that apply to our client. We are performing a gap analysis on each requirement to determine their current state of compliance and working with their compliance and legal teams to make the necessary policy adjustments. We are also working with their communications team to ensure that all employees are properly trained on the new and revised policies.
On the applications side, we are reviewing all applications that touch the personal data of EU residents to assess their current security state with respect to the GDPR requirements. In cases where an application is unable to support the regulation’s security mandates, we work with internal teams and external vendors to identify specific gaps, recommend ways to address them, and help with remediation.
Throughout this process, our team is documenting in detail every measure taken. This documentation enables our client not only to meet the GDPR’s requirements for specific recordkeeping, but also to provide evidence to support our client’s claims should an official inquiry ever arise.
We have made significant progress to prepare our client for the GDPR. When the project finishes, they expect to be better positioned than most of the firms in their industry.