OSRAM GmbH is the global No. 1 provider of automotive lighting and a worldwide leader in innovative lighting solutions. Based in Munich, OSRAM is changing the way people see their world with a collection of high-tech applications based on semiconductor technology, smart connected lighting solutions and technology that enhances people’s lives in the digital age.
Leading up to the General Data Protection Regulation (GDPR), OSRAM took the same innovative approach in ensuring its privacy program met the regulation’s strict data protection standards.
“In setting up the privacy program we did adopt the same systematic management approach as for our Compliance System in general,” said Dietmar Prechtel, Chief Compliance Officer at OSRAM.
As a first step toward GDPR compliance, OSRAM’s privacy team knew it needed to conduct a data mapping assessment of the organization.
“We are a B2B company, but even still we process personal data for customers, distributors and employees, and meeting GDPR compliance standards was an important step for our privacy team at OSRAM,” said Barbara Schmitz, Head of Privacy at OSRAM GmbH.
Data mapping and inventory are critical components of a privacy program. Understanding how data flows through OSRAM serves as a pre-requisite to being able to secure the data and analyze risks.
“We needed to first understand the data collection and processing activities within OSRAM so we could identify and mitigate any data privacy risks,” Schmitz continued.
To complete a successful data mapping exercise required participation from various business units across the organization. With 70 affiliated companies across the world, many with unique privacy requirements specific to their locale, OSRAM needed a technology solution that also served as a powerful communication tool to educate employees about data mapping exercises and its importance for global privacy compliance.