Case Study
Data Privacy Gap Assessment Supports Health Insurance Company with Compliance Across Middle East Region

A large health insurer requested support in understanding its data privacy obligations and compliance exposures across six jurisdictions in the Middle East. FTI Technology conducted a data privacy gap assessment to help the client identify areas of risk and opportunities for programme improvement.
Situation
The organisation lacked a robust understanding of how personal data was transferred between teams and countries across its business and among Middle Eastern jurisdictions with stringent data privacy regulations. As a result, the company did not have the required elements of foundational data privacy compliance, including a record of processing activity and asset inventory.
Additionally, the organisation was uncertain of the extent of its data protection obligations. Without a clear framework of the applicable laws and how the company’s activities performed against them, the organisation was exposed to significant potential risk for violation and enforcement action.
Our Role
FTI Technology’s Information Governance, Privacy & Security experts were engaged to conduct a data privacy gap assessment for the organisation across all applicable Middle Eastern jurisdictions. The team worked closely with stakeholders within numerous business units and locations at the company to conduct interviews about current data handling practices. To complement findings, the team also interviewed data and security professionals at the organisation to verify the controls and measures already in place to protect personal data.
In addition to interviews, the engagement also included:
- Evaluation of where and how personal data was stored in the Kingdom of Saudi Arabia.
- Creation of a detailed record of processing activity, asset inventory and extensive data flow map to chart how personal data moved between systems and countries.
- Identification of several significant risks related to international data transfers and sharing of sensitive data.
- Recommendations for appropriate measures to be implemented before further data transfers were made, including robust encryption measures and access controls to enhance data minimisation.
- Support for selection of a data privacy platform to operationalise data privacy processes.
- Training and advisory for the organisation to implement and uphold data privacy best practices.
Our Impact
FTI Technology delivered a synthesised, comprehensive gap assessment report to the organisation’s legal and compliance team, providing fundamental insights into personal data use and sharing across the Middle East footprint and identification of numerous high-risk activities.
The team helped to reduce the client’s risk profile and uncover data governance deficiencies, including legacy systems containing personal data. To encourage good data protection practices in the future and the maintenance of the record of processing activity and asset inventory, FTI Technology delivered numerous workshops and an eLearning Module to support ongoing data privacy hygiene enterprise-wide.