Client background:
Part of the global Fortune 500 list, the company is a leading Europe based manufacturer. It employs close to 145,000 resources with operations across the world.
Business challenge:
The manufacturing major had implemented a global GDPR compliance program to ensure suppliers’ contractual compliance towards the GDPR. They had 130,000+ contracts across 525 categories of goods and services, including training, consulting, recruitment, and HR, that suppliers were delivering across geographies in multiple languages. They did not have visibility into contracts/suppliers that needed to be prioritized based on their scope of services, geographies, and type of processing. Another challenge was that the in-house legal team did not have the bandwidth to execute a program at such a massive scale, and there were budgetary constraints within which the entire program had to be delivered.
Solution:
Wipro proposed an offshore operating model, comprising GDPR experts and contract experts, to review and renegotiate the contracts. Wipro’s team of legal experts suggested the contracts be prioritized into high, medium, and low complexity categories and identified 750+ suppliers be covered as part of the GDPR program. The team initiated Data Processing Agreements (DPA), Joint Controller Agreements, or GDPR Declarations with the suppliers. The team was responsible for reviewing redlined versions and negotiations with the suppliers, in conjunction with the client’s legal teams, to finalize and execute the DPAs. The team also conducted gap analysis on supplier DPAs and provided recommendations to the client's legal team.
Business impact:
Wipro’s data privacy services ensured operational efficiency and standardization across multiple legal entities and geographies.