Trunomi Case Study: Everis complies with EU GDPR

Posted 1st October 2018 by in Consent, Customer Case Study, GDPR


“Trunomi’s industry-leading data rights platform allowed us to meet our challenging GDPR targets in record time – we highly recommend them!” – Alejandro Sánchez Pérez, Corporate DPO

everis is an NTT DATA Company, dedicated to consulting and outsourcing in all sectors, with a turnover of €1.03 billion in the last financial year. They have 19,000 professionals across Europe, USA and Latin America.

Trunomi enabled everis to:
• Meet its GDPR challenge in only four weeks, using Trunomi’s secure and immutable data rights platform, deep GDPR knowledge and templates, and its agile, flexible team
• Have confidence that it has an industry leading solution for HR and Marketing data rights
• Have a platform that can scale with its business needs as it adds new systems, processes and use cases

Download PDF of case study

  • This field is for validation purposes and should be left unchanged.

Meeting the EU GDPR deadline

Like so many companies operating in the EU, everis found itself up against an enormous challenge – how to comply with the EU’s stringent General Data Protection Regulation before the May 25th deadline for enforcement. Their immediate need was to be fully compliant in the areas of Marketing and HR. Their specific GDPR needs were:
• Capture consents and other legal bases for lawful processing of personal information in one place.
•  For marketing this meant seeking consent from its clients, customers, associates and contractors to provide
consent to receive marketing, event and product information.
•  For employees this meant agreeing to terms and conditions and data privacy policies. everis knew that not
all of their HR activities were covered by their service agreements.
• Allow customers and employees to access and view their information, rectify errors, and revoke consent
• Ability to demonstrate lawful processing by showing that their data rights solution was secure and auditable

Additionally, as a global company, they needed the solution to meet a number of business needs:

• Be able to pull consents from a range of global systems into a single location, but also be able to federate out any changes
• Be scalable and flexible, as new systems and processes are introduced across the global group

Finally, with four weeks to go, they needed the solution to be quick and easy to implement, and they needed Trunomi to help with integration.

How Trunomi solved their challenges quickly and effectively:

To solve everis’s GDPR needs, Trunomi used its global data privacy know-how to work in a collaborative, agile way with the everis team. Trunomi led the creation of a specification for what consents everis needed to capture across HR and Marketing, accelerated by using its standard templates.

HR Solution

HR Employees were asked to agree with terms and conditions and an updated data privacy policy. everis also stored candidate CVs during and after the selection process, and realized they needed the candidate’s consent to do so. everis already had HR data rights information which they needed to batch-load into the Trunomi platform for their Data Protection Officer to view and access.

They implemented the solution by sending their employees an email with a link to their Intranet. They embedded Trunomi’s consent widget into their Intranet, and used the employee’s ID which was hashed and used as the Trunomi widget ID within the intranet. In addition, they set up a landing page for candidates to capture the necessary consent to process and store the candidate’s CV, using the candidate’s email ID. As phase 2 they are implementing Trunomi’s data rights widgets to provide the functionality for employees and candidates to request access, rectification or erasure of their data, or to object to processing, and they are also doing data rights integration with their HR systems for permission management via their Intranet.

Marketing Solution

everis’s clients were asked for consent for a number of reasons:
• Use of email to receive Marketing information, events information and services updates
• Consent to share contact information (name, role, email) with other everis companies

everis created a landing page on the everis main website to provide a preferences page to capture contact details and consents. Once submitted, this created an immutable record of consent (a TruCertTM) with the preferences identified above. As with HR, they batch-loaded existing consents for their DPO to view.

An email was sent to everis’s clients with a link to the preferences page on the everis website. The Trunomi consent widget was embedded into the website landing page using the client’s email ID as the identifier. As phase 2 they are adding Trunomi’s data rights widgets into their CRM for clients to request access, rectification or erasure of their data, or to object to processing. They are also integrating the data rights widgets into the CRM for permission management by the sales teams so they can run campaigns from CRM based on permissions.

The Trunomi platform fully met everis’s business needs. Its patented technology provides a secure ledger that consolidates consents and lawful bases for processing personal information into one place. The data rights it holds are secure and immutable, and visible as lawful records to demonstrate GDPR compliance. Its structure is flexible and scalable. The wide range of connectors and REST APIs allowed easy integration with everis’s business systems, while the Trunomi widgets were easily embedded into everis’ front-end systems.

Implementation happened quickly within the four-week timeframe. everis’s instance of Trunomi was hosted on Trunomi’s AWS cloud environment but integrated with everis’s own systems including their authentication processes. Widgets were embedded as iFrames into Everis’s system front-ends.

Trunomi adopted an agile approach. Onsite training was given to Everis’s technical team, in addition to integration support on the overall architectural solution. Trunomi provided developer resources to do the front-end widget integration. Easy to use, intuitive templates of data types, purposes and consent messaging accelerated the process of set-up and configuration, with Trunomi’s multi-language support providing the Spanish capability.

As issues arose, Trunomi provided solutions extremely quickly. They rapidly introduced new functionality to support the IE browser that Everis uses

Trunomi’s Platform is an ideal way for companies to quickly implement an auditable, high-quality solution to the challenges of EU GDPR and other global privacy standards and regulations. It is secure, scalable and easy to implement. By providing a solution that consumers and clients can trust, it paves the way for companies to create a sound relationship with its clients and employees, encouraging personal information sharing that benefits both parties.

Additional Information

For more information about Trunomi’s data rights platform, and to request a demo, please contact [email protected] or visit our website