A PRIVACY GAP ANALYSIS FOR A GLOBAL BRAND
A global brand management and distribution organisation appointed Mobius to perform a detailed Information Privacy gap analysis based on the current state of the local (South African) divisions. The objective of the project was to understand what is required to ensure compliance to the Protection of Personal Information Act (POPIA) across the business divisions as well as understand the impact of the General Data Protection Regulation (GDPR).
Key objectives of the project were as follows:
– To provide engaged employees with privacy awareness/ knowledge;
– Determine the extent of personal information processing across the divisions and their functions;
– Determine the points where personal information enters and exits the divisions and their functions;
– Identify third parties that process personal information on behalf of the divisions and their functions;
– Identify systems that capture, process and store personal information across the business;
– Identify cross-border information flows; and
– Provide practical remedial controls that the organisation can assign to appropriate owners.
Mobius used a practical, interactive approach to identify and engage with the appropriate stakeholders throughout the project. As a result, processes that require remediation were identified and the organisation was able to initiate projects to address compliance shortcomings.
If you have any questions or would like to know more about the approach we used, please contact us.