Case study: GDPR security review


Data privacy compliance: multi-national

The client is a global company offering services in many jurisdictions, including the European Union. They wished to prove to the regulatory bodies that the architecture, system and processes that they had created provided appropriate protections for the privacy of their customers’ personal data.

The brief was to complete two security reviews: an existing application and a proposed solution due for roll-out once approval had been given. These solutions employ a variety of privacy-enhancing technologies (PETs), including anonymisation techniques and Confidential Computing. The client required two reports, both appropriate for presentation to the regulator.

Descriptions of the two solutions were provided with architectural diagrams, and some ten meetings were held, both virtually and in person, to allow detailed reviews. Further documentation was provided, and the technical teams were joined by members of the relevant legal teams to ensure that both the technical aspects and the regulatory and legal aspects were considered fully.

P2P Consulting provided two review documents which were completed on time and delivered to the client for final review and presentation to the appropriate authorities.

The engagement lasted two months, with timescales agreed before commencement. All discussions were held under a Non-Disclosure Agreement (NDA) due to the sensitive nature of the client’s business and the competitive environment in which they work.

Package
Security review of a GDPR-compliant advertising solution

Outcomes
Technical reports, tailored for regulator consumption

Company type
Global platform with advertisers

Review participants
Legal teams, technical teams