RSM Australia

GDPR Case study - Financial Services

RSM firm: Ireland
RSM contact: Terry McAdam

Bringing RSM’s ideas and insight – the work we carried out

RSM Ireland undertook a Privacy Impact Assessment with regard to the current Loan Application process as operated by the Credit Union. The review assessed the incumbent process in light of both the prevailing Data Protection legislation and the pending General Data Protection Regulation.

Our team mapped the relevant data flows after conducting walk-through testing of the existing process. The nature of the data managed within the present process was also captured.

We prepared a concise report detailing the issues which presented, their implications and our considered recommendations to mitigate the risk associated with matters identified. Following feedback from management, we presented our report to a Board Committee.

Understanding our client – the benefits

The Board and Executive both gained an increased understanding of their data protection obligations (current and future) and their respective roles in ensuring compliance is achieved and maintained.

With respect to the in-scope process, the organisation was presented with clear recommendations which would address the shortcomings identified during our fieldwork.

In conjunction with management, a time-bound action plan was agreed to address the risk of an individual’s privacy being impacted during the operation of the Loan Application process.


RSM firm: UK
RSM contact: Sheila Pancholi

Bringing RSM’s ideas and insight – the work we carried out

The review assessed their process with regard to the Data Protection legislation and the upcoming General Data Protection Regulation.

Our team conducted walk-through testing of the existing data protection policies, procedures and processes and mapped data flows for the IT, finance, HR, compliance and marketing functions. We also captured the nature of the data managed within the current process, including sharing of personal data with any third-party organisations outside of the society.

We prepared a concise report detailing gaps identified between current practices and the requirements stipulated under GDPR, their implications and our considered actions to mitigate the risk associated with matters identified.

Understanding our client – the benefits

Senior staff at the company gained an increased awareness of their data protection obligations going forward, and their respective roles in ensuring compliance is achieved and maintained.

With respect to the in-scope process, the Society was provided with a clear action plan to address the shortcomings identified during our fieldwork, in addition to the mapped data flows which they will maintain and update during business-as-usual processes.

