The Problem

Investors in an international recruitment company required a complete assessment and remediation of its data protection compliance, in line with the General Data Protection Regulation (GDPR).

What we did

D2LT conducted a thorough review of the company’s internal processes and procedures, contractual relationships with third party suppliers, as well as in relation to its services and client relationships. Speaking to key stakeholders and reviewing written policies, processes, other internal documentation and third-party supplier and client contracts, we identified relevant personal data sources. We compiled a working data inventory, mapping the data sources to relevant internal and external processes of the company.

We provided a current state gap analysis and remedial recommendations in respect of the EU operations of the organisation, and identified key remedial recommendations that were presented to the management. Working with key client stakeholders, we managed the internally-executed aspects of the implementation process and executed various deliverables as part of same, including revised policies, notices and negotiated revised third-party vendor and client contract language.