Advisory and delivery to mitigate a $2.2b risk
Client name
Brakes/SyscoLondon, Kent, UK
Length of EA assignment
18 months
Number of EA Consultants provisioned
2.5 FTE
Challenge
The launch of General Data Protection Regulation (GDPR) across the EU exposed our North American owned multinational client to a $2.2bn risk.
Our client lacked the specialist European regulatory experience necessary to deliver the required changes, and with limited knowledge of regulatory change, and a lack of standardised processes, they needed external support. EA were brought in to help the client navigate the intricacies of their EU regulatory compliance and data requirements.
Approach
We began by using an evaluation process (EA IP) to assess the scale of the requirement, incorporating the business throughout.
By combining this assessment with a clear delivery strategy and a programme mobilisation plan, we were able to move forwards at pace.
Partnering with internal SMEs and other external resources across the 15 European company entities, our EA team designed and established strict governance and controls, monitoring more than 100 stakeholders and helping them to meet the legal obligations of GDPR.
We created a metric-based set of tools within a framework designed to objectively measure compliance adherence, and a detailed operating model that ensured data protection was prioritised both during and post project.
Risk reviews were regularly undertaken at a Steering Committee, with documented mitigation elements under active management control. What’s more, every two weeks we gave an evidenced status report against the baseline plan, and a red flag report, with proposed remediation plans for high priority areas.
Result / Impact
Risk reduction$2.2bn of potential financial risk allayed through our client’s adherence to GDPR legislation
Data records captured and mapped 700+ data records and over 200 standard operating procedures reviewed and re-documented
Websites enhanced 30 websites across Europe updated to reflect regulatory changes
Process implementationNew processes implemented, including data breach, impact assessment and subject access requests, in order to meet new compliance legislation
Target Operating ModelNew operating model designed and launched to sustain GDPR practices and continuously meet regulatory demand requirements
Selected Projects
0.1 Advisory
Establishing a central Portfolio/PMO capability
Our client, Moto, (a CVC Co.) sought to establish new processes that enables more timely decision making. They were in pursuit of understanding available data that helped them navigate their change portfolio. EA were brought into to design and implement new controls that achieved the objectives.
0.2 Impact
Off-shoring central functions to reduce cost, without risking quality
Our client, NCP, was to transition multiple back-office functions to a lower-cost offshore location which would provide a more cost-effective model that would provide a platform to scale and improve future service. The Client selected EA to act as a partner to lead the strategy, design, and implementation of the new offshore hub.