The General Data Protection Regulation (GDPR) represents one of the largest overhauls of data protection legislation ever made.
Our client, a leading operator in the sports betting and gaming industry, was responsible for collecting and processing a large amount of customer and personal data and was in the midst of its largest ever post-merger integration. As a result, and similar to many other organisations, the organisation started assessing the changes required to support GDPR only six months prior to the deadline.
Recognising the priority and urgency of the changes required, a client programme team was mobilised, but quickly ran into a number of challenges.
- Lack of key expertise around data privacy and data management.
- Complexity of the digital changes required to deliver meaningful yet compliant customer journeys and customer data management.
- Insufficient capacity and data management skills to deliver the full scope of changes.
- A poorly defined view of what the end solution and the overall data privacy strategy should look like.
Gate One conducted a rapid strategic review and, based on our deep experience with data strategy and programme turnaround, implemented five key changes:
- Re-developed the enterprise data privacy strategy and re-aligned the programme objectives
- re-engaged senior management to build consensus around the data privacy strategy and buy-in to the changes required
- streamlined the programme structure to increase the speed of decision making
- Revised structure of key deliverables to align to the revised priorities and remove ‘gold plating’
- Re-energised and aligned the programme delivery team behind the revised priorities.
- Ensured ongoing ownership and governance of customer and personal data within the organisation and the extensive supplier base
- Developed an end-to-end data privacy training programme for all staff and contractors
- Implemented ‘privacy by design’ and data privacy champions
- Ensured new data management and processes led to real data insights which could be used across the business
These simple but highly effect changes not only put the programme back on track for delivery against the regulatory deadline but delivered a robust data privacy strategy and ‘privacy by design’ into any future product and service development.
After a challenging period of re-aligning senior stakeholders and the programme team, all priorities were successfully delivered. This marked a huge turnaround in the programme in just 4 months. This success was further boosted by the programme coming in under budget due to the implementation of tighter fiscal controls. In addition, the business had more control over its customer data and data processes, with clear ownership and wider awareness from its people.