Client Need

The European operations of one of the US’s largest international banks and fintechs needed to reduce supply chain privacy risk and improve compliance with European data protection rules on international data transfers after mandatory legal changes in the European Union. The Fortune 100 company also needed to increase the transparency of data origin and data flows in its large payment card business as it embarked on greater big data analysis, strategic partnerships with data aggregators and large-scale data sharing with consumer credit reporting companies.

PrivacySolved Solutions

PrivacySolved provided a Special Projects Data Protection Officer (spDPO), our highest level of Data Protection expertise, to embed in the bank’s Legal, Compliance and Chief Data Officer’s teams. The spDPO also had an accountability line to the European Chief Information Security Officer.

PrivacySolved’s main tasks were to provide a strategic overview of the best options for data compliance in the new European data protection landscape, work with global procurement to identify high-risk and low-risk suppliers, identify which suppliers used EU/US Safe Harbor and Privacy Shield data transfer mechanisms, roll out new European data protection Standard Contractual Clauses to over 100 key suppliers, and risk-assess and support direct negotiations and exceptions processes with suppliers, partners and data aggregators who refused to accept the bank’s new EU-influenced system.

PrivacySolved also engaged with the US privacy team and data science innovation hub to identify conflicts between master agreements with the US parent company and strategic suppliers that clashed with the new EU regime. PrivacySolved then recommended compromises, risk-acceptance criteria or rescheduling of data privacy changes.

Results

The international bank and fintech were given the insights, tools and resources to:

  • Identify, analyse, risk-assess, risk-accept and negotiate in a complex data landscape
  • Remove EU/US Safe Harbor data sharing and adopt future-proofed contract clauses
  • Unify privacy, legal, compliance and IT Security to reduce data risk at minimal cost
  • Confidently sign multi-billion-dollar big data deals with partners in the next 2 years