Industry: IT & Tech Services
Service: Professional Services
Location: North America
Organization Type: Private
Employees: 501-1,000
Needs And Requirements:
This information technology company, which offers a loyalty program for gamers via a mobile application, had begun updating its operations to align with the General Data Protection Regulation (GDPR). The organization revised how personal data was collected from its mobile product and updated its privacy policy to meet EU privacy standards. Furthermore, it implemented measures to enable the “right to be forgotten,” allowing users to request the deletion or access to their collected data.
Main Challenges:
- GDPR Compliance Verification: The company required a thorough review of how its application and systems handled the collection, storage, and transportation of users’ personally identifiable (PI) and non-personally identifiable (non-PI) data.
- Data Controller Support: As a Data Controller, a comprehensive assessment of the Data Protection Addendum supporting their mobile application was critical to ensure it was GDPR compliant.
Solution:
Virtual DPO & Privacy Services: Hitachi Cyber provided comprehensive Virtual DPO & Privacy Services, undertaking an in-depth review of the company’s mobile application and associated systems. This assessment focused on ensuring the company’s compliance with GDPR requirements, particularly in the management of PI non-PI data. Furthermore, Hitachi Cyber evaluated the company’s Data Protection Addendum to confirm it adequately supported their responsibilities as a Data Controller under GDPR, thereby ensuring comprehensive adherence to regulatory standards. They also assisted in developing and updating policies and procedures to ensure ongoing GDPR compliance, including mechanisms for handling data subject requests and breach notifications.
Outcomes:
The GDPR compliance services offered by Hitachi Cyber significantly enhanced the company’s ability to manage its compliance status. This process provided a clearer view of its data handling practices, ensuring they met GDPR standards. Consequently, the company has bolstered its data protection strategies, thus enhancing user trust and fulfilling regulatory obligations. The company now possesses a robust privacy framework, essential for its continued growth and user engagement.
Next Steps:
Moving forward, the company will maintain an ongoing partnership with Hitachi Cyber to regularly assess and refine its compliance and data protection strategies, ensuring they remain abreast of any legislative changes or business practice adjustments. This proactive approach will help the company stay compliant with GDPR and other relevant regulations, fostering trust and security among its users while supporting its business growth.
