Information Governance, Privacy & Security

In order to comply with regulatory requirements, avoid financial losses and ensure business continuity, we offer various data governance services, including designing and establishing data governance programmes; performing data mapping and corrections; identifying sensitive data (personal data, client information, intellectual property); securing corporate data in the event of employee departure, sale or merger; and migrating data to the cloud.

Given the regulatory risks pertaining to data protection, companies must conduct due diligence, which includes assessing the personal data acquired (taking into account the legal basis for its processing), preserving the value of the transaction and protecting against potential and costly class-action proceedings and administrative investigations. Our team offers solutions that not only reduce the risk of noncompliance but identify and increase the value of personal data by designing and implementing alternatives that satisfy the various privacy regulations.

As personal data volumes increase, companies face new challenges, including safely mining corporate data to find key information quickly; storing sensitive data, such as client information and intellectual property; securing data against internal and external threats; and disposing of obsolete or redundant data to reduce storage costs and the risk of regulatory noncompliance.

We help your company overcome these challenges and get the most from the data, without disrupting the normal course of business.

When help is needed to determine what to keep and what to delete, while remaining compliant, organisations across all sectors and their legal counsel rely on FTI Consulting to assess which data may be subject to hold obligations.

We help modernise e-discovery processes to ensure hold obligations are efficient, cost-effective and defensible. Learn more

We provide investigation and data governance advisory and services for Microsoft 365 users. Specifically, we help clients choose the license that best suits their needs and budget, migrate systems securely, configure and classify data, set up devices that limit data leakage and eliminate redundant, obsolete or irrelevant data to reduce costs and the risk of loss or violation of data storage or personal data protection regulations.

Our personal data protection experts can help tackle the challenges related to third-country data transfers that may arise when a company engages in remote technical assistance, outsources data processing operations or conducts procedures that require the processing of data from several jurisdictions. We examine the efficacy of the protection measures already in place and identify and document any additional measures necessary to protect personal data throughout its lifecycle.

Using our data analysis technology, we can locate personal data within the established deadlines. Our approach to data subject access requests (‘DSAR’) is flexible and cost-effective. It can focus on a technological solution or entail end-to-end managed services, including data collection, hosting and review.

We have participated in high-profile cases, helping clients that operate in various sectors and regions address personal data breach notifications. Our data protection experts assess the nature, scope and scale of the violation to determine if our clients must notify the supervisory authorities and, if so, the affected persons. We use machine learning and analysis to identify the personal data involved and facilitate notification of the data subjects within the established deadlines.