The client had started their GDPR journey but faced some challenges:

• no consistent approach
• lack of clear direction
• multiple stakeholders (what was the actual issue, not communicating well to multiple stakeholders, or something else?)

• Deliver a GDPR plan.
  • Work with the existing programme and stakeholders to deliver an achievable plan that considered all aspects of the GDPR for a large-scale organisation.
• Guide client so they would avoid breaching the GDPR.

Developed a comprehensive GDPR plan by working with the legal team, assistant General Counsel, and other stakeholders. We also engaged an external data protection lawyer and litigator for oversight.

Provided feedback on information gathered by the team (such as–perhaps by category??. I think we want to demonstrate that we understand GDPR in this section)

Delivered a method for prioritising challenges in existing systems.

disclosable artefact creation (I pulled this out as being something not mentioned before. Can you elaborate or can we delete).

Provided a comprehensive enterprise-level GDPR plan to help the client address their GDPR challenges and legal obligations. (Did it actually help them address their challenges, if so, what was the result of that?)

This plan was also vetted by members of the client’s legal team who provided positive feedback.