Privacy Program at an Indian MNC in the Automotive and Services Space
The group is a large Indian multinational in the automotive and other diversified services space, with multiple entities and operating in over 50 countries. Consequently, the group has exposure to multiple country-specific Privacy Laws & Regulations as well as specific sectoral laws in certain jurisdictions. To add to this complexity, regulatory oversight within the group is fragmented with several legal teams looking at different entities, none of whom has had any prior privacy experience. In this scenario, the group needed to establish and deploy a Privacy program that met their diverse stratified requirements in the most effective and optimal manner.
Arrka’s approach was tailored for their specific challenges. The overall approach recommended was to ‘take baby steps’ by starting with a pilot. With everyone new to Data Privacy as a concept, it was important to get all the stakeholders up the learning curve about what exactly this program was all about, the likely impact it would have on the business and, therefore, what plan of action would work best for the group. This approach was signed off by their Senior Management. Hence, as a first step, a Gap Assessment of two of their key businesses was conducted.
The learnings from this exercise were used to design a group-wide privacy program that could be rolled out in a phased as well as federated manner that would work best for the way the group is organized. A Central Group Data Privacy Office was established to serve as the Centre of Excellence as well as to drive and guide the program overall. Priorities and timelines for rolling out the program across the rest of the group were worked out based on the type of Business, Immediacy of exposure & Severity of Penalties.