GDPR and CCPA Compliance Readiness Services

A global hospitality company (the Company) initially partnered with Focal Point in October 2017 for GDPR readiness services, specifically to inventory and assess its IT systems at both the franchisee and corporate levels and to provide an information mapping repository of the key processes and data flows throughout the organization. The Company sought to gain a better understanding of its current alignment with the GDPR. The Focal Point team created a prioritized implementation roadmap of the necessary remediation activities, leveraging a customized risk matrix and system ranking to ensure compliance at each level of operations. In 2018, the Focal Point Privacy team assisted in developing the Company’s Data Subject Rights program and led its CCPA compliance readiness efforts, which are currently ongoing.

Project Summary

Inventory and Assessment

Focal Point created a full inventory of the systems in the Company impacted by the GDPR, laying the groundwork to expertly scope the affected systems and prioritize remediation activities. Based on the Company’s experience and understanding of key IT and security controls, the Focal Point team created a GDPR Systems Control Matrix to identify and evaluate key controls within the scoped systems. Together, the GDPR Systems Inventory and Systems Control Matrix enabled Focal Point’s privacy team to identify specific implementation tasks and either recommend actions to remediate areas of non-alignment or define appropriate mitigating controls.

Information Mapping

For this engagement, the Focal Point team used targeted information questionnaires and initial discovery sessions to develop an Information Mapping Repository, which was then used to create detailed visual processing maps for a number of higher-risk data flows and processing activities.

These efforts ultimately provided valuable insights into the Company’s complete information lifecycle, identified several unforeseen and/or unintended uses of employee and customer personal information, and communicated the Company’s necessary technical and organizational safeguards across the organization, in franchisee and corporate operations alike. This enabled Focal Point’s team to successfully implement an entire data subject rights program as part of their GDPR remediation activities.

Success and Continued Support

The Company’s franchisee and corporate operations are now aligned with the requirements of the GDPR, reducing the risks of expensive and damaging penalties for noncompliance. The Focal Point team was also able to implement several technical enhancements during this engagement’s remediation activities, offering more governance and insight to the Company overall.

Following the success of the Company’s GDPR assessment and remediation implementation, the Company has continued to partner with Focal Point to lead its CCPA compliance readiness efforts. The Focal Point Data Privacy team is currently completing this initiative.
