A Fortune 500 multinational consumer organization was presented with the challenge of balancing automation of an extended global supply chain against the need to adequately protect sensitive customer data spread across markets with complex legal considerations. Compliance with the European Union General Data Protection Regulation (GDPR) by the mandated implementation date became a priority due to the potential for significant fines and penalties for non-compliant data controllers and processors, but these efforts had to be weighed against the risks and impacts to core business functions.
The corporation engaged Fortress Information Security to assess its complex third party data management programs and provide actionable recommendations to identify privacy risks and support mitigation efforts. Fortress deployed information security and privacy subject matter experts to evaluate the readiness of the company’s portfolio of third party relationships and developed a plan of action with key stakeholders to meet the regulatory compliance requirements established by the GDPR.
- Utilized Fortress Guardian scanning and threat management solution to identify vulnerabilities in the company’s network of third party information systems and implemented our Data Driven Risk Rank methodology to guide data security assessment activities for enterprise critical relationships.
- Created a summary report of assessment findings detailing GDPR compliance requirements and preparedness efforts undertaken by the institution and its third parties to address the identified issues. The snapshot of current policies and procedures offered invaluable executive visibility over the gaps between the existing state of the program and the required provisions necessary to comply with the data protection legislation.
- Provided recommendations detailing critical success factors which not only met the minimum requirements established by the regulations to avoid fines and penalties, but also laid the foundation for a more robust data security program which promoted industry best practices for the management of sensitive customer data in an increasingly hostile threat environment.
- Fortress completed a rapid but thorough review of the data management and privacy risks which allowed the client to prioritize mitigation efforts and ensure compliance with the new regulations ahead of the mandated implementation date.