A GDPR centre of excellence for a global risk management and regulatory consultancy

By Certeco | November 21, 2017 | Categories: Case Studies | Tags:


Our client, a leading global risk management and regulatory compliance advisory organisation, identified the need to standardise and improve its General Data Protection Regulation (GDPR) service offering. The programme involved planning for greater
consistency and efficiency in the delivery of advisory and remediation programmes. There was also a need to upskill employees and partner with a team of expert regulatory change management consultants.


The Certeco team was selected for its knowledge and expertise in delivering regulatory change within the financial services sector. We collaborated with the business to formulate the vision and specification for a Centre of Excellence (CoE) for the delivery of GDPR services. A team of Certeco cross functional experts from business architecture, analysis and project change delivery analysed the current state of GDPR capability and designed the target operating model for the proposed CoE. After reviewing the company’s GDPR value proposition and supporting capabilities, Certeco scoped the work and managed the end-to-end delivery of the plan.

The plan was initiated with the following workstreams:

  • Designing and developing the Target Operating Model for the CoE, including mapping out the governance model with roles and responsibilities across all business processes.
  • Establishing a GDPR knowledge base structure, populated with valuable information to support client engagement.
  • Researching into the appropriate GDPR technology solutions to increase efficiency.
  • Developing best practice templates and accelerators focused on project delivery and remediation to support GDPR implementation.
  • Preparing training materials and a communications plan to launch the GDPR CoE internally and transfer knowledge within the client organisation.


  • Fresh perspective: provided an independent review of our client’s GDPR capability.
  • Increased efficiency: increased delivery by 20%, through the introduction of easily accessible GDPR best practice accelerators.
  • Knowledge transfer: provided our client with a deeper understanding of its GDPR
    collateral and best practice tools and processes.
  • Reduce risk: improved services and standards ensured our client could meet the growing demand for GDPR services.

Download case study