Assessing and Ensuring GDPR Compliance for a Fortune 500 Cruise Line

Focal Point’s GDPR and global privacy services client (“the Company”) is a recognized leader in the hospitality and travel leisure industry, representing a number of brands and one of the world’s largest fleets of cruise liners and luxury vessels. As a Fortune 500 company and a globally recognized organization, the Company employs over 120,000 staff members to support both its land-based and on-sea operations – accommodating more than 11.5 million guests from several hundred ports of call around the globe.

In early 2016, the Company recognized the pending shift in global privacy trends and the precedent set by Europe’s GDPR legislation. The Company knew it needed to implement significant technical and operational changes to align with the GDPR’s new requirements, but it also understood that these remediations were likely to become necessary throughout its operations as other countries followed suit, passing similarly stringent privacy regulations of their own.

To stay ahead of the curve, the Company selected Focal Point’s Data Privacy team to not only ensure its compliance with GDPR by May 2018, but to also fully assess and implement the necessary remediations in its operations globally. The Company wanted to align with both the GDPR and evolving privacy demands around the world. The Company partnered with Focal Point to develop and implement a new data privacy program, one which was able to better govern the collection and usage of personal data in the dawning era of privacy awareness.

Towards Global Compliance

As a result of the Company’s complex usage, storage and transfer practices, the Focal Point team first established an understanding of the key data processes, existing privacy and security safeguards, and current alignment to applicable EU standards, including recent GDPR mandates. Focal Point identified four objectives during the initial evaluation:

  1. Identify assets and map information related to the collection, processing, transferring, and storage of personal information from both employees and guests
  2. Assess the Company’s current alignment with GDPR and develop a roadmap that would outline its operational and technical needs for ensuring full GDPR alignment, leveraging a proven risk-based approach and prioritizing necessary actions
  3. Recommend and implement privacy program function enhancements to establish sustainable options for maintaining these processes and assets
  4. Develop a privacy impact assessment program capable of identifying and managing current privacy risks and addressing similar global and regional regulations

Success and Continued Support

Following the success of these efforts, the Focal Point team was able to identify all of the Company’s impacted systems, both in-house and those that were hosted by external third parties. Focal Point delivered a multi-phased remediation and program development project plan that addressed gaps in the Company’s technical- and security-related controls throughout the information lifecycle. Using industry tools and the information gained from expertly led discovery sessions – across geographically dispersed operations – Focal Point delivered a sustainable privacy program capable of meeting the Company’s data privacy requirements in the face of changing global demands. The Focal Point Data Privacy team has continued to support these program assessment and implementation needs over the years.
