Helping a leading cruise line sail to GDPR safe harbors
A large, U.S. cruise line company required an adaptation of existing data implementation and safeguarding strategies in order to abide by new GDPR requirements and ensure their customers’ data privacy and security is maintained.
Client Key Challenge
The client’s existing sensitive data was not housed in a manner to meet the GDPR standards. The client needed help with securing customer data and limiting unnecessary access to it as an effort to successfully prevent unsafe customer data storage. The client required implementation of database files data encryption, augmentation of the company operation in the development stage, limited and anonymized developer data, prevention of unauthorized users from accessing sensitive information in the production environment, and pseudonymized sensitive data for unauthorized users.
CHT was chosen as an addition to the existing team due to our experience in the IT field and vast knowledge in the areas of data security and data protection. We brought superior understanding of GDPR data protection and best practices for implementing GDPR into the company’s existing framework.
CHT devised and introduced a plan that created a framework for sensitive data housing.
- Security gaps assessment
- Plan proposal and design for securing environments and implementation of pseudonymization and anonymization in production and non production systems.
- Development and implementation of sensitive data discovery, data subsetting and data masking tools along with robust data masking software and data archiving.
Success Outcomes / Results
After GDPR data protection implementation is achieved, the prevention against data leaks is established within the company. The successful implementation of sensitive data discovery tool, data encryption, Data subsetting, data masking, and data generation tool and Robust data masking software allows the locating, assessing and securing of sensitive data fields. This guarantees that only authorized users access sensitive data and that customer information is not easily accessible. Privileged Access Manager and Password Access Management continuously generate new passwords and create a barrier between users and sensitive information as a further level of security.
Successful GDPR implementation ensures that the company is not faced with consequences relating to data privacy laws. Also, the solutions stated above are able to transform the company into a more efficient business that protects its customers.