Data protection compliance – Global project steering

In order to keep efforts and costs down, global enterprises often implement "one size fits all" uniform solutions on a worldwide level (eg HR data systems, compliance policies, cyber security, use of centrally provided shared services etc). Due to different legal standards in various countries, such worldwide implementation often leads to frictions regarding local law and culture.

Depending on the specific project, a classification into the following phases may be helpful in rollouts relating to data protection.

Analysis Phase: Shaping the project

• Collecting relevant facts and shaping the result desired by the client.
• Allocating involved jurisdictions and local counsels (tailored legal network).
• Legal analysis: How can the desired global implementation be justified with minimum local alterations (pragmatic business-oriented approach).
• Shaping uniform paperwork for implementation (global template), including:
  • summary of facts and legal analysis for local counsels
  • questionnaire for local counsels
  • suggestion for a compliant master solution.

Rollout Phase: Collecting "add on" input from local counsels

• Global rollout of "global template" to local counsels:
  • pragmatic approach – in order to keep costs down, local counsels may only suggest amendments to the global template where strictly required by local laws
  • fixed fee for work of local counsels, where appropriate
  • fixed deadline for work of local counsels, where appropriate.
• Follow-up communication with local counsels (including follow-up communication) if the desired result was not achieved yet.
• Summary of local implementation risks/local to-dos.
• Step plan for implementation, including local to-dos.

Rollout Phase: Collecting "add on" input from local counsels

• Internal and external steering of implementation requirements.
• Implementation of local to-dos according to "implementation step plan":
  • local authority filings
  • preparation and conclusion of contracts
  • collection of consent declarations
  • draft of notices to employees and contract partners
  • "shaping" of the implementation according to local requirements/standard.

Please click here to download the article as PDF file.