Case Study

Compliance advisory to protect client data and comply with regulations.

Independent assessment of current compliance posture around data privacy and fit-for-purpose data classification taxonomy

Client: BulkSMS

Complexities

  • Requirement to protect client data
  • Flexibility to comply with data protection regulations in different regions
  • Protect reputation as data processor
  • Large volumes of unstructured data to deal with

Results

  • Awareness: Our compliance advisory services raised awareness of BulkSMS’s current compliance posture, and guarded against overestimating compliance maturity in some areas.
  • Alignment: The workshops brought more than just alignment with regulation for BulkSMS. They brought alignment with a fresh way of thinking about data compliance, looking at it in a practical way that combined people, process and technology.
  • Acceleration: (Our client) now has the know-how to confidently roll-out labelling and other initiatives globally. We provided clear recommendations in a structured roadmap that detailed the way forward.

The challenge

Having grown organically, BulkSMS wanted to accelerate their compliance journey and enhance their data management processes and procedures. As key players in the communications industry, they needed to be able to demonstrate to their stakeholders how they maintain security and demonstrate compliance with data protection regulations (GDPR, POPIA etc). Making data available to internal and external stakeholders for consumption and insights was also an important factor.

“Cloud Essentials has been essential to BulkSMS in ensuring we advance our data protection maturity in the local and global markets.”

Our solution

Understanding the current posture

The start of every journey with our compliance team features the question ‘where are we now’? We delivered our Data Privacy Assessment and Advisory Workshop to provide an independent assessment of the maturity of BulkSMS’s compliance posture around data privacy. We asked targeted questions to gauge our client’s position when it came to data privacy to learn which areas were already covered by existing controls and which needed attention.

Interactive workshops and a roadmap for improvement

Delivered as a series of interactive workshops, we examined the regulatory requirements, the recommended controls and the Microsoft technology available to facilitate compliance. These workshops involved key members of the risk, legal, compliance and IT teams. The legal experts hosting the sessions explained regulations in a simple way, and explained technology aspects without technical jargon. This made sure that the sessions were accessible and interactive. Following the workshops, we delivered a clear representation using a Power BI dashboard of where they are in their compliance journey and a roadmap outlining the way forward. Armed with practical next steps, BulkSMS was able to move ahead and optimise their compliance.

Creating an adaptable data taxonomy for a global business

BulkSMS also needed to establish a consistent approach to data classification for sensitive and personal data. Without it, they would compromise compliance with data privacy regulations, such as GDPR and POPIA and could possibly expose highly sensitive company data. Operating in multiple regions around the globe, they needed a taxonomy that was applicable to all regions but adaptable for regional variations.

We believe a sustainable classification taxonomy needs to be:

– Comprehensive, giving you confidence that it supports your compliance efforts;
– Clear, so that people, process and technology can directly build upon it, and
– Adopted, so that it’s used correctly and serves its purpose.

Developing a sustainable strategy

Our workshop goes far beyond raw information capture and classification design. We promote participation and impart knowledge throughout the journey of designing a taxonomy.

The workshop considered the following:

– the organisation’s data landscape;
– data storage and management infrastructure and requirements;
– the industry’s regulatory landscape, and
– personal data mapping.

We consulted with key stakeholders across divisions to identify requirements and capture different contexts.  The outcome was a fit-for-purpose, well-documented data classification taxonomy. Plus, recommendations for technology implementation, such as document fingerprinting, sensitivity labels and retention labels.

A sustainable strategy needs more than technology, so the report also served as a catalyst for initiatives around people and process.

“I found Cloud Essentials’ approach to dealing with the process of demystifying data classification to be very effective at taking what seemed like a daunting and complex environment and breaking it down into sensible and easily consumable parts. Their depth of knowledge in this space is impressive and as a result of our interaction with them, our own depth of knowledge has increased markedly. I would recommend them with confidence.”

Richard Simpson, Managing Director, BulkSMS.com
Compliance Governance

Results

Our compliance advisory services raised awareness of BulkSMS’s current compliance posture, and guarded against overestimating compliance maturity in some areas.

The workshops brought more than just alignment with regulation for BulkSMS. They brought alignment with a fresh way of thinking about data compliance, looking at it in a practical way that combined people, process and technology.

BulkSMS now has the know-how to confidently roll-out labelling and other initiatives globally. We provided clear recommendations in a structured roadmap that detailed the way forward.

Let us help you develop a sustainable compliance strategy for your business

The only way to really know if we’re a good fit is to get in touch, so let’s have a chat! One of our friendly experts will get straight back to you. You never know, this could be the beginning of a great partnership.
Bristol
Cape Town
Johannesburg
Email