Improved Data Privacy for Robust Compliance and Security
Industry
Automotive
Services
Data & Insights, Strategy & Planning
A Fortune 500 automotive manufacturer required the implementation of an enterprise-level solution to ensure compliance with a landmark data privacy law.
Opportunity
A leading automotive manufacturer required an enterprise-level solution to ensure compliance with the California Consumer Privacy Act (CCPA), which gives consumers greater control over the personal information businesses collect.
They wanted to be transparent and responsive to consumers, employees, and business partners who wanted to better understand their privacy rights and the organization’s privacy practices.
Outcome
Improved Data Privacy
Established a sustainable and scalable market leading data privacy solution to exceed state regulations and provide greater transparency to requestors personal data.
Established Custom Privacy Solution
Integrated 75+ consumer, employee, and B2B data systems with robust privacy controls.
Mitigated Legal Risk
Ensured compliance with state regulations, potentially offsetting millions of dollars in fines due to noncompliance.
Approach
The manufacturer engaged Two Roads to provide strategic planning and program leadership to facilitate solution development and implementation. This included establishing an operating model and a governance model to enable decision-making, project execution, and promote transparency with the cross-functional team. With an aggressive timeline, we consulted our client to:
- Establish a data privacy platform that would enable the organization to receive, process, and provide a response to the requestor.
- Assess hundreds of data systems and integrate the “in-scope” systems with the data privacy platform.
- Identify and resolve risks, issues, and escalations with the cross-functional teams, including legal, compliance, and marketing teams.
Leveraging a hybrid-Agile methodology, Two Roads created a high-level project and product roadmap to hold development teams accountable to key dates and monitored milestones through regular status reporting and risk and issue management. Program processes were defined to effectively engage with technical and business teams, finalize requirements, create data flow and architecture specifications, and facilitate user acceptance testing with 75+ data systems.
With an initial $12M+ investment and annual $7.5M+ spend on the CCPA program, one of the largest investments for the Compliance & Audit department, it was essential that the program finances were closely managed to ensure continuous progress and resource productivity (internal and external). Two Roads worked with executive leadership to create annual budgets, set realistic scope expectations, and establish resource models to ensure scope was delivered within budget each year.
The manufacturer sought to be the market leader in data privacy and compliance. With Two Roads’ partnership, the client was able to successfully reduce liability risk and provide exceptional customer experience by establishing a sustainable and scalable compliance solution whereby the organization could effectively manage data privacy requests in accordance with state laws, California, and beyond.
Authors
Eric Krchnak
Partner
