Group

Data Privacy Process
Design

INTRODUCTION

Our client is one of the largest banking and financial services organizations in the world with operations in 65 countries and territories. In order to be compliant with the multitude of data privacy laws and regulations their global business operated under, a large consulting firm was hired to design a control process for the use of sensitive production data in non-production environments. Unfortunately, the resulting process had critical shortcomings and failed to adequately resolve the client’s data privacy challenges.

Bank Building
Challenge

CHALLENGE

  • No clear global policy defining what constitutes PII (personally identifying information)
  • Previous attempts failed because the Service Level Agreements (SLAs) could not be enforced or even established
  • Data masking could not be completed due to lack of resource expertise or availability
  • Previous consultant’s process was tried for 6 months but had serious shortcomings since it could not verify that applications teams had masked sensitive data
  • Unable to track application teams needing exceptions
  • Unable to address these issues, the client could not scale the process to include all application data in non-production environments and meet the original goal.
Solution

SOLUTION

Axis designed and implemented a new process that uses a DaaS (Data as a Service) approach, making masking simple and efficient. The process is broken into distinct types of requests, each having unique process maps for the business users and the internal Data Privacy Services (DPS) team.

Results

cyber security or gdpr concept cybersecurity personal information and private digital data protection online virtual locks secured internet connection

The Axis Data Process Design solution went live and delivered outstanding results:

  • Requests increased from 59 to 138 in the first week of the new process
  • SLAs were cut from 6 months to just 6 weeks!
  • The new process was clear, concise, and easy-to-follow
  • A portal was created for application teams to track the progress of their masking requests.
  • Application teams were able to implement masking in a consistent, uniform fashion worldwide
  • Client was able to integrate their corporate data protection standards into the software development process with minimal impact.

To support the Data Process Axis implemented these organizational and operational changes

  • Created company-wide PII policy
  • Created a dedicated Data Privacy Service (DPS) team to handle exceptions and mask data
  • Implemented Atlassian Jira Service Desk to provide feedback to teams
  • Established strict Service Level Agreements (SLAs) enforced by the DPS Team
  • Published Standard Operating Procedures (SOP)
Benefit

Axis designed and implemented a new data privacy solutions process that delivered outstanding results, including increasing throughput to handle 138 request compared to 59 in the previous year!