Case Studies

Data Governance for Data Protection – Telecoms

By Daragh O Brien
June 19, 2020
6min read
Data GovernanceData ProtectionGap AnalysisMaturity Assessment
responding to subject access request


Castlebridge were asked by leading European telecommunications companies to conduct a review of their data protection compliance and data protection governance. To execute this engagement we drew on the deep knowledge of the telecommunications industry in our core team and our network of Associate Consultants. This case study is a composite of a number of telecommunications industry engagements.

The Pain Point

The pain points for the different companies that are amalgamated in this case study varied from an impending Regulatory Audit (under the pre-GDPR regulatory regime) to a need for strategic advice on how to design and implement any required improvements to their data protection governance and general data management practices to ensure compliance with GDPR.

What we did

In each of these engagements we assembled a multi-disciplinary team with extensive experience in telecommunications data protection and data governance to review the organizations and develop a maturity assessment, gap analysis, and roadmap for remediation.

We used our proprietary survey methodology and focused stakeholder interviews to build a clear picture of what each organization was doing well, doing badly, or not doing at all. We also reviewed all relevant documentation to identify gaps, inconsistencies, or oversights that needed to be mitigated. And then we assessed the organizations’ maturity in key data management capabilities that directly relate to Data Protection: Data Governance, Metadata Management, and Data Quality.

Based on those outputs we developed a risk register, and a list of identified defects requiring remediation. We also then helped the organizations to design and implement data protection governance frameworks that ensured the Data Protection Officer could operate in an independent oversight capacity, with day-to-day responsibility and accountability clearly assigned to business function areas.

We also tackled challenges such as data retention schedules and organization culture change around issues such as data retention. We also supported clients through full Supervisory Authority audits during some of these engagements, which served to affirm our findings and recommendations.

The Outcome(s)

The various telecommunications companies who are amalgamated in this case study today have robust and scalable data protection governance frameworks that support compliance, enable innovation, and ensure accountability in the organization. A key element of all of these changes has been a shift in organization culture so that people think differently about data.

Related Case Studies

Case Studies

The Light Bulb Moment

Castlebridge assisted a retail electricity provider to tackle data quality issues that were affecting customer service and operational efficiencies in the delivery of products and services. This issue also posed...

read full case study
Case Studies

Strategic Research Engagement

Castlebridge was engaged by the enterprise development function of an EU Member State to examine the product/market fit and strategic routes to market for Cyber Security solution providers from their...

read full case study

Keep up to date with all our latest insights, podcast, training sessions, and webinars.

This field is for validation purposes and should be left unchanged.