CWC supported a client undergoing a data privacy and banking secrecy programme across 54 EMEA countries. The programme was critical in providing a robust framework to avoid brand and regulatory impacts of data breaches.


CWC developed and helped implement a strategy which consistently applied the principle that services may be outsourced but risk and responsibility cannot be. This in turn led to an operating model based on central management of EMEA data privacy operations and regional outsourcing of compliance and approval teams.


CWC delivered the:

  • Strategic approach
  • Operating model
  • Control framework
  • Implementation plans
  • Uplift in capability in defined roles and responsibilities in a complex environment

These deliverables resulted from our consultants’ hands-on experience of the frameworks of data protection rights and duties, which safeguard personal data, and of the technologies available to manage these.


Successful delivery and deployment of all of the Data Privacy, Outsourcing and Banking Secrecy requirements. The control approach assisted the client to effectively:

  • Prevent any further regulatory breaches
  • Create an auditable data privacy framework to ensure brand and regulatory protection
  • Be able to deploy agreed solutions across 54 impacted countries to the regulators’ satisfaction
  • Report and manage oversight of key risk indicators, SLAs, and completion of control actions
  • Implement a centralised operation servicing a high volume of business-critical requests and escalations