Castlebridge were asked by leading European telecommunications companies to conduct a review of their data protection compliance and data protection governance. To execute this engagement we drew on the deep knowledge of the telecommunications industry in our core team and our network of Associate Consultants. This case study is a composite of a number of telecommunications industry engagements.
The Pain Point
The pain points for the different companies that are amalgamated in this case study varied from an impending Regulatory Audit (under the pre-GDPR regulatory regime) to a need for strategic advice on how to design and implement any required improvements to their data protection governance and general data management practices to ensure compliance with GDPR.
What we did
In each of these engagements we assembled a multi-disciplinary team with extensive experience in telecommunications data protection and data governance to review the organizations and develop a maturity assessment, gap analysis, and roadmap for remediation.
We used our proprietary survey methodology and focused stakeholder interviews to build a clear picture of what each organization was doing well, doing badly, or not doing at all. We also reviewed all relevant documentation to identify gaps, inconsistencies, or oversights that needed to be mitigated. And then we assessed the organizations’ maturity in key data management capabilities that directly relate to Data Protection: Data Governance, Metadata Management, and Data Quality.
Based on those outputs we developed a risk register, and a list of identified defects requiring remediation. We also then helped the organizations to design and implement data protection governance frameworks that ensured the Data Protection Officer could operate in an independent oversight capacity, with day-to-day responsibility and accountability clearly assigned to business function areas.
We also tackled challenges such as data retention schedules and organization culture change around issues such as data retention. We also supported clients through full Supervisory Authority audits during some of these engagements, which served to affirm our findings and recommendations.
The various telecommunications companies who are amalgamated in this case study today have robust and scalable data protection governance frameworks that support compliance, enable innovation, and ensure accountability in the organization. A key element of all of these changes has been a shift in organization culture so that people think differently about data.