Early 2018, the CCO of an iGaming merchandising company was unsure over what his company needed to do to become compliant with the GDPR. Not knowing where to start on the road to compliance, and indeed not knowing precisely what PII (Personally Identifiable Information) was being held, he knew that help was needed.
In April 2018, Y2X were engaged to assist with and lead the GDPR effort. With vast experience and expertise with GDPR, we were able to identify an ideal start point for the project and deployed one of our Business Analysts to draw out and document the business processes, identifying exactly what PII was held by the business. DSAR (Data Subject Access Requests) and Breach processes were created to suit the needs of the individual business, and were formally documented in an easy to follow way that could be produced during an audit.
In addition to this, extensive guidance was provided with relation to consent, ensuring that this is properly documented for employees, B2B and B2C clients.