Conduct an audit and think about how to strengthen the protection of personal data without significantly changing the well-established business processes of the company.
Problem
PIK Group numbers over 25,000 employees and hundreds of thousands of clients whose personal data needs to be processed. The difficulty is that the group includes about 300 legal entities: they exchange data with each other, which increases the risk of information leakage.
Personal data leakage threatens with loss of reputation and fines, which have grown to RUB 18 mln in 2020.
How we resolved it
Described the company's key business processes in terms of personal data processing.
Audited the work with personal data of the sales department as the owner of the group's main business process
Created and put into practice internal documentation concerning the handling of personal data within the company's operations
Prepared recommendations on how to build the protection of personal data of employees and customers, while reducing the risks of law violations
Result
We helped the client create a full-fledged system for protecting the personal data of its employees and customers.
Based on the developed documentation and recommendations, the company can confidently refine its data management procedures and adopt novel tools, free from concerns about potential legal limitations.