Case Study – AMS
When the General Data Protection Regulation was introduced in Europe, Alexander Mann Solutions (AMS) needed to ensure compliance across their entire organisation to meet contractual and regulatory requirements when working with their global clients.
As a leading global talent acquisition and management firm specialising in outsourced recruitment, their data protection compliance is a key priority as it underpins their reputation and client trust. Their industry experiences a huge volume of Data Subject Access Requests, the processing of which could take up a substantial amount of time and effort for the Privacy Office team.
The significant challenge at AMS was to ensure that their operations meet the requirements of GDPR within all of our client environments and our own environment and ensuring that our suppliers also remain compliant with the new regulations. This meant increased workload and a need for personnel with deep subject matter expertise to complete some of the new tasks. The AMS Privacy Office staff were working at capacity and the DPO needed to ring fence his time to ensure he could focus on his program and priorities. A system of recording was required to demonstrate compliance to the supervisory authority and internally to collate the value the Privacy Office was providing to the organisation. Ultimately they needed the right solutions to ensure that we could give confidence to all AMS stakeholders that the management of data was as strong as it possibly could be.
- Free up DPOs time to work on the programme and strategy.
By utilising a Managed Service the DPO.
- Manage Data Subject Access Requests (DSARs)
Handing over the responsibility for the management of DSARs meant that AMS could be confident that all persons who submitted a DSAR would be answered and each DSAR would be processed appropriately and in the required timeframe closing any risk AMS may have encountered in a legal context.
- Continuous Data Mapping
Article 30 of the GDPR requires companies to produce records of processing activities which are continuously updated to reflect new processing activities. Outsourcing this to an experienced expert frees up the AMS privacy office team and ensures that the data mapping work is done in accordance to Article 30.
- Recording tool
Utilising the Privacy Key Metrics Dashboard provided comprehensive reporting capabilities with an option to have a single view of the data across the entire organisation. This provides ample dashboard and reporting functionality for AMS to identify patterns and generate reports to demonstrate the value of work done by the Privacy Office. The software also enables the office to manage projects from a central source with multiple user access rights, track progress and ability to delegate tasks and deadlines via email. The tools simple to use design is a winning factor.
AMS decided that the BeaconAI Privacy Key Metrics Dashboard along with a Manage Service would address their need for managing the privacy programme; facilitate reporting requirements; free up the DPO to work on the programme; give AMS access to a trained privacy specialist onboard to service DSARs and run the data mapping.
The managed service that AMS received exceeded all their expectations and now they are truly confident that they can demonstrate to their clients, their regulators and their candidates that data is managed correctly within AMS and we can demonstrate and improve upon our practices through the implementation of BeaconAI. Engaging with a Managed Service makes a massive difference in helping AMS demonstrate accountability and make sure that all tasks and requirements are completed in a timely manner fulfilling legal obligations. The Managed Service element of the solution also meant that AMS benefited from true expertise and subject matter guidance in the evolving area of data privacy. Having the BeaconAI Managed Service has had a positive impact on the AMS business, really making a change on operations and this improvement results in a confidence that the team at BeaconAI are an integral part of my team in the AMS privacy office.