Our client, a global services provider, was running a failing GDPR Compliance programme. At that point, the programme had been through three project managers, had its budget increased twice, failed an audit, and none of the team working on it could confirm when they would be GDPR compliant. Our client was exposed to potential fines by the regulator and reputational damage. We were challenged to turn around the programme and deliver results with the utmost urgency.
What was the challenge?
A number of things needed to be achieved to establish a clear approach and direction. Firstly, we had to determine a correct diagnosis and develop a stress-tested remediation plan. Secondly, we had to gain buy-in from the sponsor and key stakeholders to the diagnosis and remediation. Finally, we had to mobilise and deliver the remediation plan.
How did r10 help?
r10 employed a tried and tested toolkit that forensically and rapidly enables a comprehensive problem diagnosis and effective remediation.
All facets of the programme were analysed, including its Definition, Governance, Stakeholder Management, Plan and Controls, and Roles and Responsibilities. There were critical shortcomings, including a lack of project management expertise, poor governance, and unclear objectives, scope, and assumptions. In addition, the plan was found to have inadequately defined activities without proper estimates.
Recommendations to address each key finding were identified, and a remediation plan was developed to implement them.
What was the outcome?
The remediation plan enabled everyone to understand their role and objectives and gain the buy-in of the sponsor. As a result, the plan was delivered within the revised budget and on time, to the satisfaction of the internal audit function.