Menu Close

Case Study

GDPR Gap Analysis and Remediation for International Bank


Data Protection


Financial Services

The client

The UK subsidiary of a major African bank providing cross border trade and investment services to institutions, corporates and individuals, and acting as the connecting hub between the parent firm and its partners.

The work

With a time limit set for GDPR compliance of the end of May 2018 the bank’s executive management wanted to determine their precise compliance position with regards to the updated regulation and then define and execute a remediation plan to ensure they achieved a state of readiness before
the deadline

How we helped

Our experienced Data Protection practitioner assessed the bank against the full scope (99 articles) of GDPR and established their degree of compliance status against each. In a formal report to management, we identified where gaps existed and made detailed and client-specific recommendations for closing them. Our consultant then worked with the bank’s Chief Technology Officer and their Programme Management Office to establish a formal remediation project. On-going subject-matter expertise was also provided to enable successful delivery of the remediation activities.

Value added

Our subject matter expertise and input allowed management to take an efficient, risk-based approach to delivering remediation activities, achieving a position of readiness in advance of the deadline and establishing a robust defensible position in respect of the bank’s GDPR compliance programme. We were also able to provide direct input to formulation of new policies and procedures to ensure alignment to industry good practice. In this way the bank was able to achieve a sustainable compliance framework that can be matured, rather than a tactical “point-in-time” solution.

Customer reviews

What our clients say

Get in touch

If you would like to talk about your risk management requirements, submit your details and one of our consultants will be in touch.