Background
Being one of the leading retailers in Serbia, Fashion Company processes the personal data of EU residents. The GDP Regulation in force in the European Union has tightened requirements for personal information processing. In the event of non-compliance, companies are faced with a fine of 20 million Euros or 4% of their annual turnover.
To analyze the current state of the business IT infrastructure and bring the company's activities in line with regulatory requirements, Fashion Company turned to its permanent partner, Noventiq. The client highly appreciated Noventiq's experience of successful implementation of SAM projects in Russia and abroad.
The client, with its extensive network of offices, was faced with the task of securing a holistic expert assessment of the business from the standpoint of effective software use while reducing cybersecurity risks.
Solution
During the project's implementation, Noventiq specialists analyzed existing software management mechanisms and assessed the maturity level of personal data processing processes at Fashion Company. For this purpose, the experts made an inventory of 200+ user PCs and 20+ servers, interviewed employees and tested customer information security settings. Noventiq managed to reduce the SAM project costs by using effective internal automated analytics tools and specialized utilities.
Results
Based on the SAM examination outcomes, Noventiq drew up a set of technical recommendations for the client to transform the business in accordance with European legislation. Based on this analytical report, Fashion Company will be able to develop a competent licensing strategy and implement the IT resource management principles in line with the latest international practice.
Noventiq's recommendations will help the client avoid financial, legal and reputational risks, as well as increase the resilience of the information security system to external threats.
“This project was interesting because of its focus both on the SAM component and on working with European legislation. Our specialists approached the study of the client's IT infrastructure with an understanding of the current processes of personal data processing. We have helped Fashion Company with due diligence to mitigate the risks of violating GDPR Regulation. Now the client can easily do business without worrying about potential risks,” sums up Vladimir Nesterov, Project Manager of the Business Consulting Department at Noventiq.