The client
Top 20 Global Asset Management Company
The work
Xcina Consulting was approached by a large, global asset management company to help them understand the data protection compliance position within their complex operating environment.
The work was broken down into two work streams, namely a data mapping exercise and a data security review.
The data mapping exercise included identifying:
- All the jurisdictions in which the client
operates.
- Primary, secondary and tertiary sites.
- Key systems / applications (including
those that are cloud-based).
- Types of personal data processed by each
business unit.
- Significant legislation and regulation
pertinent to data protection in each
country.
The data security review focused on:
- Aspects of IT security.
- Third party management.
- Governance related to data protection
policies, procedures, controls and
measures.
- Backup, storage, restore and disposal of personal data.
How we helped
We identified multiple control gaps and provided prioritised recommendations for improvement.
Additionally, we provided the insight to help our client understand how the EU General Data Protection Regulation would impact them globally.
Value added
As a result of the data mapping and data security review, it was deemed
that our client would benefit from the implementation of a robust Data Protection framework, which we also led.