GDPR Compliance & Risk Mitigation

  • Writer: The Crown Consulting Group
  • Feb 5, 2019

What was the Challenge?

A major player in the travel industry was looking to ensure compliance with the upcoming GDPR regulation. The client had sought external advice on the matter a number of times in the past, but had been left confused about what best practice looked like and, more importantly, what they should be doing to prepare. There had been an initiative some months earlier in which some of the business had been consulted; this presented difficulties, as finding and remediation work was limited.


Further, the Crown Consulting Group engaged with the client when the regulatory understanding was vague and limited to select opinion and guidance materials. This made finding a way to progress difficult, as there was limited overall understanding and very few case studies.

What did the Crown Consulting Group do?

Having worked in this direct space previously on a number of advisory engagements, we felt best placed to help guide the client to form a delivery plan that would ensure compliance. We spent time understanding the journey the client had been on and the advice they had been given. We felt this was a critical step to ensure we understood what remedial works had already been done and to what extent they covered the necessary aspects; this would prove to save some time later in the project.


Following this, we worked with the client to transfer our understanding of the regulation and how we had tackled the problems previously. We followed this by introducing a number of core work streams that would focus on different parts of the regulation; these would be managed individually but would form part of the overarching compliance piece.


We used our direct experience of GDPR and of previous data-related legislation and regulation to start working in a top-down manner across the business to identify key points of interest. Additionally, we worked in very close proximity to the client's technical teams to understand the architecture and carry out the necessary assessments.


Other key elements that we assisted the client with include, but are not limited to:

  • Identification and assessment of data sets containing personal information;

  • Risk generation and risk remediation;

  • Training and staff education;

  • Process re-engineering where necessary;

  • System evaluation;

  • Third party supplier/partner negotiations;

  • Ensuring compliant processes are in place – Breach, Data Subject Access and Article 30;

  • Knowledge transfer to the business; and

  • Assisting with operational set-up and transition.


What was the Outcome?

Some of the key success factors relating to our engagement with the client include:

  • Top-down analysis of business directorates (departments & teams);

  • All key systems identified, assessed and risks cataloged by 25th May (150 systems);

  • Very complex national infrastructure assessed; and

  • All desk-based staff trained prior to go-live.

Additionally, as part of the process, we engaged with a number of the client's partners & suppliers. This gave the client the opportunity to negotiate aspects of contracts, make considerable savings and explore new elements of functionality that would help drive the business forward.

Further, in addition to completing a comprehensive knowledge transfer exercise with the client, we supplied a final report detailing the existing risks, ways to look at remediating them and future work.
