Case Study

EU GDPR Training

Share this Case Study with a friend.

Customer Challenge

A global insurance company needed to set up a privacy training programme to demonstrate full compliance with Art. 5(2) (the ‘accountability principle’) of the EU General Data Protection Regulation (GDPR).

This training needed to cover a very wide variety of role-based education, taking into account the variations in local legislation. The client’s staff regularly deal with sensitive personal data and therefore many business processes are, from a privacy perspective, considered to be vulnerable and of high-risk.

How Citihub Helped

Citihub was engaged for 6 months to develop a global privacy training programme, including course materials and trainers, and to produce regular privacy awareness communications.

Citihub’s data privacy consultants delivered:

  • Engagement with Privacy Champions (within business and technology operations) to determine privacy training requirements;
  • A privacy training approach & plan for high-risk areas;
  • Comprehensive recorded web-based training courses covering topics such as Privacy Impact Assessments and Data Subject Requests;
  • A series of live training workshops on Data Subject Requests for the global Human Resources team;
  • A series of live training courses for business units and country Data Protection Officers;
  • A full set of template responses for different types of Data Subject Rights Requests;
  • GPDR training tailored to roles within the firm (e.g. Marketing, Compliance, Insurance Broking) and also tailored for EU country-specific privacy legislation;
  • A regular privacy awareness communication as well as staff communication and education ‘reminders’ (e.g. posters, notices on intranet).

With input from Citihub and working collaboratively with the customer, training was created and distributed in line with regulatory requirements.


  • Established training to cover regulatory accountability alongside local legislation in other countries, taking into account planned future legislative requirements
  • The customer now has reusable, compliant templates for responding to all Data Subject Requests
  • Delivered training in multiple EU countries to cover a variety of role-based needs. This covered general awareness communications to role-based training workshops
  • The customer is now compliant from a regulatory perspective

Related Case Studies

Our Insights

see all insights

Learn more about our Services

Application Modernization

Driving the technical, operational and cultural changes required for adoption of cloud native architectures, platforms and services

Application Modernization
read more
read more

Making data accessible, usable, accurate and secure

Data Management
read more
read more

Architecture, design and hands-on engineering of secure and scalable private and public cloud platforms

Cloud Platform Services
read more
read more

Ensuring safety of data and applications in the cloud by integrating security into the heart of developer workflow

Cloud Native Security
read more
read more

Unlocking cloud-based developer productivity through modern, dynamic approaches towards compliance

Continuous Compliance
read more
read more

Implementing modern organizational structures and operating models that transcend traditional silos

Enterprise Transformation
read more
read more

Let's talk about your digital transformation

contact us