Advisory and delivery to mitigate a $2.2b risk


Client name

Brakes/SyscoLondon, Kent, UK

Length of EA assignment

18 months

Number of EA Consultants provisioned

2.5 FTE


The launch of General Data Protection Regulation (GDPR) across the EU exposed our North American owned multinational client to a $2.2bn risk.

Our client lacked the specialist European regulatory experience necessary to deliver the required changes, and with limited knowledge of regulatory change, and a lack of standardised processes, they needed external support. EA were brought in to help the client navigate the intricacies of their EU regulatory compliance and data requirements.


We began by using an evaluation process (EA IP) to assess the scale of the requirement, incorporating the business throughout.

By combining this assessment with a clear delivery strategy and a programme mobilisation plan, we were able to move forwards at pace.

Partnering with internal SMEs and other external resources across the 15 European company entities, our EA team designed and established strict governance and controls, monitoring more than 100 stakeholders and helping them to meet the legal obligations of GDPR.

We created a metric-based set of tools within a framework designed to objectively measure compliance adherence, and a detailed operating model that ensured data protection was prioritised both during and post project.

Risk reviews were regularly undertaken at a Steering Committee, with documented mitigation elements under active management control. What’s more, every two weeks we gave an evidenced status report against the baseline plan, and a red flag report, with proposed remediation plans for high priority areas.



Result / Impact

Risk reduction$2.2bn of potential financial risk allayed through our client’s adherence to GDPR legislation

Data records captured and mapped 700+ data records and over 200 standard operating procedures reviewed and re-documented

Websites enhanced 30 websites across Europe updated to reflect regulatory changes

Process implementationNew processes implemented, including data breach, impact assessment and subject access requests, in order to meet new compliance legislation

Target Operating ModelNew operating model designed and launched to sustain GDPR practices and continuously meet regulatory demand requirements

Selected Projects


0.1 Advisory

Establishing a central Portfolio/PMO capability

Our client, Moto, (a CVC Co.) sought to establish new processes that enables more timely decision making. They were in pursuit of understanding available data that helped them navigate their change portfolio. EA were brought into to design and implement new controls that achieved the objectives.


0.2 Impact

Off-shoring central functions to reduce cost, without risking quality

Our client, NCP, was to transition multiple back-office functions to a lower-cost offshore location which would provide a more cost-effective model that would provide a platform to scale and improve future service. The Client selected EA to act as a partner to lead the strategy, design, and implementation of the new offshore hub.