Having grown organically, BulkSMS wanted to accelerate their compliance journey and enhance their data management processes and procedures. As key players in the communications industry, they needed to be able to show their stakeholders how they maintain security and demonstrate compliance with data protection regulations (GDPR, POPIA, etc.). Making data available to internal and external stakeholders for consumption and insights was also an important factor.
Every journey with our compliance team starts with the question ‘where are we now?’ We delivered our Data Privacy Assessment and Advisory Workshop to provide an independent assessment of the maturity of BulkSMS’s compliance posture around data privacy. We asked targeted questions to gauge our client’s position on data privacy and to learn which areas were already covered by existing controls and which needed attention.
Delivered as a series of interactive workshops, the engagement examined the regulatory requirements, the recommended controls and the Microsoft technology available to facilitate compliance. These workshops involved key members of the risk, legal, compliance and IT teams. The legal experts hosting the sessions explained the regulations in a simple way and covered the technology aspects without technical jargon, which kept the sessions accessible and interactive. Following the workshops, we used a Power BI dashboard to deliver a clear representation of where they were in their compliance journey, along with a roadmap outlining the way forward. Armed with practical next steps, BulkSMS was able to move ahead and optimise their compliance.
BulkSMS also needed to establish a consistent approach to data classification for sensitive and personal data. Without it, they would compromise compliance with data privacy regulations, such as GDPR and POPIA, and could possibly expose highly sensitive company data. Operating in multiple regions around the globe, they needed a taxonomy that was applicable to all regions but adaptable for regional variations.
We believe a sustainable classification taxonomy needs to be:
– Comprehensive, giving you confidence that it supports your compliance efforts;
– Clear, so that people, process and technology can directly build upon it, and
– Adopted, so that it’s used correctly and serves its purpose.
Our workshop goes far beyond raw information capture and classification design. We promote participation and impart knowledge throughout the journey of designing a taxonomy.
The workshop considered the following:
– the organisation’s data landscape;
– data storage and management infrastructure and requirements;
– the industry’s regulatory landscape, and
– personal data mapping.
We consulted with key stakeholders across divisions to identify requirements and capture different contexts. The outcome was a fit-for-purpose, well-documented data classification taxonomy, plus recommendations for technology implementation, such as document fingerprinting, sensitivity labels and retention labels.
A sustainable strategy needs more than technology, so the report also served as a catalyst for initiatives around people and process.