Client Description
For over a decade, our client delivered solutions that support management, maintenance, and diagnostics of enterprise telecommunication networks. The client is a US company that operates internationally, serving many corporate customers in the US, EU, and worldwide. It develops several software products for network management, offering them as both on-premise and SaaS; providing round-the-clock support and maintenance.
When it comes to data protection, the client runs international operations processing personal data of its associates and customers, offering products that support GDPR compliance to its customers. The client is exposed to the personal data of end-users in the telecommunication networks when providing its SaaS offerings and support. This happens at an international scale, involving the client’s associates, customers, and the end users which creates a complex data protection landscape.
Business Challenge
The EU Data Protection and Privacy Regulation (GDPR) went into effect on May 25, 2018 and is designed to give control over personal data back to individuals, with regulatory authorities gaining greater powers to take action against businesses that breach these new laws. The GDPR impacts all companies that do business within the EU or engage with consumers who are resident in the EU, and if breached, can come with tough penalties of fines reaching millions euros, in addition to full liability for potential damages.
Like most US-based companies, our client was late in understanding the importance and ramifications of GDPR, its compliance requirements, and the consequences of compliance failures. Upon learning of GDPR’s potential impa ct to the business and its customers, the management team took swift action to become GDPR compliant.
Project Description
SoftServe began preparation of GDPR consulting services for the client in November 2017, led by Borys Omelayenko, Ph.D., CIPP/E, employed by SoftServe Netherlands in the EU, where he heads SoftServe’s Data Protection Team.
The client’s business activities were thoroughly examined, and a number of compliance measures were implemented, including the appointment of a Data Protection Officer, establishment of records of processing activities, execution of data protection agreements, updates to the information security and privacy policies, and an assessment of service offerings.
In addition to ensuring client compliance, special attention was given to supporting customers and partners in their own compliance efforts, providing compliant legal arrangements, implementing technical support which comprised data retention policies, audit logs, subject access requests, and more.
Value Delivered
"SoftServe proved to not only be the right call, but the key difference in ensuring that we are now GDPR compliant."
"Borys expertly guided us through each aspect of the GDPR regulations and audit compliance requirements, deftly communicating the GDPR’s inner workings, its interplay with our products, and the technological, legal, and economic impact it could have on the business—as well as our customers and partners." - Client’s Vice President of Product Development
"To say that Borys successfully completed a Herculean task in just a few short months, in both educating us and ensuring that today we are GDPR compliant, is a gross understatement. Borys’ insightful knowledge and expertise has positively impacted our product development as well as our legal and software product documentation and notifications, going forward." – Client’s General Counse l
The client continues to work further with SoftServe to ensure GDPR compliance of its upcoming software products and services.