A hospitality company has long been working to protect its customers’ private data. This company operates purely in the US but became inundated with requests to certify they were compliant with GDPR/CCPA after the regulations had taken effect. Their General Counsel was understandably unable to provide such guarantees but in a competitive market they knew they had to stay on top of their game or risk losing confidence of their business partners and/or large customers that accounted for significant sources of revenue. The company determined there was much more they could do to govern sensitive data but needed a way that was cost effective with realistic goals and outcomes. The presentation will provide an in-depth look at the program powering their sensitive data governance strategy.