Client Needs
A group of eight separate but linked organisations working in the UK and European transport, heavy goods vehicles, haulage and freight sectors needed to fully understand their data landscape, improve UK data protection compliance, comply with the EU’s General Data Protection Compliance (GDPR), appoint a Data Protection Officer, negotiate and regularise relations with two large data processors and improve cloud data management in the UK, Ireland and Israel. Most importantly, the organisations wanted to build a robust data protection and privacy management system, reduce information security and cybersecurity risks and build the confidence and data decision-making capacity of each data controller organisation.
PrivacySolved Services and Solutions
PrivacySolved provided a range of distinct but integrated services and solutions. A senior External Data Protection Officer (eDPO) was appointed and registered with the regulator, updated policies and procedures, introduced new processes, developed data processor relationships and sent a comprehensive risks report to the board. The eDPO identified and addressed the compliance gaps with the GDPR and the UK Data Protection Act 2018. The eDPO also led a revision of the largest Data Protection Impact Assessment (DPIA) by re-aligning the focus, content, technology assumptions and high-risk data assessments. Direct answers, clear definitions, better data flow analysis, improved risk identification in accessible language were encouraged. Our Consulting and Strategy work was used to future-proof data governance with options for effective strategic data responses to Coronavirus Covid-19, Brexit and their cloud computing arrangements. Our strategic review of all information security policies increased process transparency and clarity. Our Cybersecurity service helped the eDPO to assess data breaches, advise on best practice, report internally and externally, strengthen reporting and recommend remedial measures. The organisations became more informed about their complex data ecosystem, better able to judge risk, more engaged with cloud data and able to limit operational uncertainty.
Results
The eight organisations were given the insights, senior expertise and resources to:
- Understand their datasets, boldly negotiate data deals and manage supplier risks
- Comply with UK/EU law by using an effective senior Data Protection Officer (eDPO)
- Improve data transparency, reduce cloud data risks and manage manual data stores
- Public Annual Reports reported strong data and cybersecurity gains to stakeholders