Under Armour Evolves its Comprehensive Global Privacy Platform for GDPR in Just Six Months

With WireWheel, an APN Advanced Technology Partner and AWS Security Competency Partner

Helping Athletes Succeed

Under Armour’s mission is to make you better and support each athlete’s unique journey to help them succeed. “Our goal as we grow the Under Armour brand and fitness application footprint is to engage with consumers in ways that deliver on our core mission and help athletes of all levels achieve their personal goals,” says Tokë Vandervoort, senior vice president and deputy general counsel at Under Armour.  

“I don't want to look for another tool if I have one that I know has been built with our needs in mind and by a team we trust.”

- Rebecca Shore, Director of Global Privacy at Under Armour

In addition to its expansive clothing and footwear line, Under Armour has also developed the world’s largest online fitness community through its third-party acquisitions and internal development efforts, with over 250 million individual downloads of its apps. The company’s applications include MyFitnessPal (a nutrition logging app), MapMyFitness (a running and training app), and Endomondo (a workout planning app). Building and maintaining trust throughout its online community is core to each facet of Under Armour’s business and development efforts.

"Our approach has always been to lead with the concept of trust. That is what we're trying to build, maintain, and hold onto with our users as we share in their fitness and wellness journey," says Vandervoort. Taking a proactive approach to privacy is key for Under Armour to develop, maintain, and sustain trust among its global and rapidly-growing user base. 

Taking a Proactive and Universal Approach to Privacy

With trust as its foundation for the choices and decisions teams make, Under Armour chose to hold itself accountable by ensuring its global privacy program touches every facet of the business. “We have very much embraced the concept of privacy-by-design,” says Rebecca Shore, director of global privacy at Under Armour. "Depending on the project, program, and business unit, we're involved at the very early stages of development. Shortly after concept, we get involved when features we develop have a privacy implication. We provide guidance for teams to enhance the foundation of trust and implement privacy-by-design best practices throughout development." The team also works with a robust global network of third-party providers to evaluate and ensure its privacy standards are met.

Under Armour knew it would need to evolve its program to comply with the stringent data privacy regulation changes—intended to protect individuals in the European Union (EU) from privacy and data breaches—outlined under the EU General Data Protection Regulation (GDPR) that went into effect in May 2018. The Under Armour team decided to take a broader approach and develop standards they internally refer to as GDPR+. “We chose to apply the principles of GDPR to every facet of the organization and every region because we anticipated it would quickly become a kind of global standard,” says Shore.

To prepare itself for the GDPR deadline while also implementing new standards across its internal and third-party application portfolio, Under Armour began to evaluate privacy platforms and solutions that could evolve and scale alongside the company on Amazon Web Services (AWS). After an extensive evaluation, Under Armour found in WireWheel an ideal partner and platform.  

Developing a Robust Privacy Platform Using WireWheel on AWS

WireWheel’s privacy management platform was built by privacy and data experts to help organizations solve compliance challenges and embrace a privacy-by-design approach. “We believe that privacy is a fundamental human right, and our mission is to help people protect privacy and help companies turn a proactive approach to privacy into a competitive advantage,” says Scott Handler, chief information security officer and vice president of partnerships at WireWheel.

An AWS Partner Network (APN) Advanced Technology partner and Security Competency Partner, WireWheel built its platform on AWS as a software as a service (SaaS) offering. "The transparency and scalability we're able to bring customers through the combination of WireWheel's technology and AWS are transformative for privacy officers managing a global privacy program," says Handler. “We want to enable privacy teams to forge strong relationships with information security teams. Using WireWheel’s platform Under Armour has brought greater visibility for both privacy and security teams while they seek to operationalize their privacy program.” 

underarmour-wirewheel-architecture

WireWheel’s architecture on AWS 

The Under Armour team first met WireWheel for a high-level discussion. “We sought a partner who really understood what it is to operationalize privacy effectively and efficiently,” says Shore. "As we're working hand-in-hand with the cybersecurity team and other teams across our organization, we wanted a partner who could understand our data flow process and could look at what we needed from our perspective."

As the Under Armour team began working with WireWheel, they knew they’d found a partner to provide not only deep expertise in privacy and data laws and regulations, but also a partner with an open mind. “From our first meeting onward, WireWheel proved itself willing to use its agile approach to development to collaborate and evolve its technology in response to our feedback,” says Vandervoort. “The WireWheel team quickly gained our trust through their willingness to listen to us about what we needed to build our unique global privacy program, rather than telling us what we should want.”

Under Armour began using WireWheel in November 2017 and took a two-phased approach to develop its privacy platform. For phase one, the team focused on readying Under Armour for the GDPR deadline.

“We worked closely with WireWheel to get our basic questions and components into the platform while entering additional information we needed to get into our systems based on 17 questions raised by the WireWheel team. We also used WireWheel to complete a high-level audit of over 300 third-party vendors,” says Shore. “For phase two, we’re focused on taking advantage of WireWheel’s assessment and data mapping technology, taking the information we have and automating our security and compliance assessments within the system fully."  

Driving Business Outcomes through Privacy Insights

Using WireWheel on AWS, the Under Armour team felt confident facing the GDPR deadline. “We had a clear roadmap for our WireWheel development and a narrative we could speak to when discussing the updates we had already made and future developments to come,” says Shore. “We felt comfortable that we were with the right partner and that we had a good story to tell that has only gotten better over the last year.”

With WireWheel, Under Armour had a tool to help demonstrate GDPR compliance and conduct GDPR-focused third-party audits in just four months. As an unexpected result of the audit process, the company discovered redundancies in some service providers, identifying potential cost savings.

Another benefit for Under Armour is WireWheel’s data mapping capability and its single-pane-of-glass-display for data. This enables Under Armour’s privacy and security teams to create critical data and business process maps to make collaborative, informed decisions. "It's compelling for me to be able to meet with folks across the organization and quickly provide a picture of data we’re discussing,” says Shore. Demonstrating these capabilities within the organization helps the team define its leadership role in data and information governance across the company.

"The innovative idea, collaborative approach, and the dedication on all sides to delivering a truly differentiated solution have allowed us to operationalize assessments and data flows while keeping them up-to-date successfully," says Vandervoort. “Using WireWheel, our privacy program can enable and support Under Armour’s business goals and its mission to make athletes better.”

The Under Armour team believes its relationship with WireWheel will only continue to deepen. “I don't want to look for another tool if I have one that I know has been built with our needs in mind and by a team we trust,” says Shore. “There's enormous upside potential for us working with WireWheel, not just with its tooling, but within the relationship itself.”  

600x400_under-armour_logo

About Under Armour

Under Armour, headquartered in Baltimore, Maryland, is a leading inventor, marketer, and distributor of branded athletic performance apparel, footwear, and accessories. Powered by one of the world’s largest digitally connected fitness and wellness communities, Under Armour’s innovative products and experiences are designed to help advance human performance, making all athletes better.  

Challenge

Under Armour chose to hold itself accountable by ensuring its global privacy program touches every facet of the business. To prepare for the EU General Data Protection Regulation (GDPR) rollout and develop a robust privacy program, Under Armour began to evaluate privacy platforms and solutions that could evolve and scale alongside the company on Amazon Web Services (AWS).  

Solution

The company chose to work with WireWheel, whose privacy management platform was built by privacy and data experts to help organizations solve compliance challenges and embrace a privacy-by-design approach. Under Armour began using WireWheel in November 2017 and took a two-phased approach to develop its privacy platform. 

Benefit

With WireWheel on AWS, Under Armour had a tool to help demonstrate GDPR compliance and conduct GDPR-focused third-party audits in just four months. As an unexpected result of the audit process, the company discovered redundancies in some service providers, identifying potential cost savings. 

About WireWheel

WireWheel helps companies quickly and efficiently comply with privacy regulations, including the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). To do this, the company uses human-assisted machine learning and integrations into cloud infrastructure and on-premises and cloud data stores. Founded by experts in privacy protection, application development, and data engineering, WireWheel is changing the way companies protect personal information and build trust with their customers.