With Great Power Comes Great Responsibility:
The Story of a Growing Business
and Data Privacy
The pandemic has disrupted operating models of businesses across the globe. Since the beginning of 2020 – and since the launch of our company in 2006 – LogicManager has been working with our clients to help them pivot and prepare. We have over 15 years of experience under our belt of helping customers avoid all sorts of risks and scandals. That’s why we’ve been proudly serving as our customers’ mission-critical partner for COVID-19 challenges since the first week of February 2020.
Over this past critical year, we’ve collected over 200 value stories from our customers about how they’ve leveraged our guidance to drive their businesses forward. This series delves deeper into those stories in hopes of helping other businesses throughout these challenging times.
Topic: Scaling a business with data privacy compliance top of mind.
One of our clients provides mission-critical software solutions for companies in public and private sector verticals all over the world. While they help businesses operate across 5 different continents and employ over 20,000 employees, their headquarters in Northern Europe is where many of their strategic business decisions are made.
As an enterprise, they’re focused on driving long-term success by serving their customers with integrity and ensuring a healthy company culture under a set of shared values. Their dedication to good governance and transparency has gotten them far; they’ve acquired over 500 businesses since being founded just a few decades ago.
While this client has been able to impressively grow their business over the past few years, like all organizations, they face challenges:
- Scaling and consolidating: Common to most large, growing businesses, this client needs to consolidate and streamline their process of acquiring new clients.
- Industry regulations: The more clients you acquire, the more regulatory risk you acquire. Our client must ensure that they’re compliant with any industry regulations that are applicable to any of their clients.
- Reputational risk: As they acquire more businesses and take on more risk, this client becomes ultimately responsible for protecting their own brand, reputation and operations.
Considering these demands, it was imperative that LogicManager help this champion work smarter, not harder. They needed to be able to rely on software that helped them easily adapt to and stay ahead of evolving laws and regulations impacting their growing customer base.
How We Helped
Since the beginning of our relationship with this client, they have been leveraging security incident webforms to strengthen their IT Governance program. A few months ago, they reached out to their LogicManager analyst with an idea: could this customizable data collection process be applied to their business acquisition needs?
Fortunately, LogicManager’s GRC platform is highly integrated and adaptable, making it easy to turn what was once only a concept into a functioning process. As soon as the need was identified, they were on their way to a solution.
Working with the Director of Compliance at our client’s organization, our LogicManager analyst designed and implemented a “New Acquisition Survey.” This survey would be used to onboard any organizations that were acquired moving forward, and focused mainly on improving the way they sourced compliance information for all new businesses. The survey outlined specific sections of the following data privacy laws, regulations and standards:
- General Data Protection Regulation (GDPR)
- Health Insurance Portability and Accountability Act (HIPAA)
- Protected Health Information (PHI)
- Family Educational Rights and Privacy Act (FERPA)
- California Consumer Privacy Act (CCPA)
- Colorado Consumer Data Protection Law
- Payment Card Industry Data Security Standard (PCI DSS)
- Fair Debt Collection Practices Act (FDCPA)
- Telephone Consumer Protection Act (TCPA)
- 42 CFR Part 2
- Foreign Corrupt Practices Act
- Export Compliance
To power this data collection process, LogicManager built out an extensive secure webform that our champion now shares with organizations they are in the process of acquiring. Here’s how it helps streamline the entire onboarding process:
- The form can be customized to only ask the questions applicable to the party responsible for filling it out; they’ll only need to answer questions that pertain exactly to their business. This eliminates confusion and fosters quicker response rates.
- The entire process is completely automated, so users can “set it and forget it” and eliminate the need to continually nag (or more importantly, remember to nag) with manual follow-ups.
- Users are able to upload any relevant documents directly within the survey. This way, the reviewer has all the critical information in one place once the survey has been completed.
To date, the New Acquisition Survey has enabled our client to successfully gather information from over 20 newly acquired organizations. Like any feature within LogicManager, this survey can be customized to fit their evolving needs so that as they grow, it grows with them.
Let’s take a look at how our client is set up for long-term success:
- By sourcing privacy information through a secure and easy-to-use form that’s accessible via one universal link, our client is saving time and preventing confusion. This makes a positive first impression and sets the tone for a successful working relationship.
- Having a form with dynamic elements allows for personalization, meaning the survey results provide more accurate insights for our client to report on.
- Our client is inherently taking a risk-based approach to all acquisitions, because all potential compliance risks are being clearly presented at the very start of the relationship.
- By ensuring that all newly acquired businesses are up to industry and geographic standards, our client can immediately close compliance gaps, helping them avoid fines and stay protected from negligence.
Not only is their acquisition process now automated and strengthened, but since it’s housed within LogicManager, this champion will be able to tie their work to other areas of the business: while they work on the compliance team, mitigations being implemented by other departments will be automatically brought to their attention through our Taxonomy Insights AI technology. For example, Taxonomy Insights may tell our compliance champion that a newly acquired business is subject to an IT Governance standard. From there, they can communicate with the end user to ensure that standard is fulfilled on their end.
Arguably the most important value-add this client is receiving as a result of this new functionality is being able to effectively protect data privacy. Whether it’s their company information, employee data or customer PII, they’re equipped to safeguard it no matter how big they get. Now more than ever, they can dedicate more of their time to upholding their values of transparency and taking good care of their customers.