GDPR Case Study

How One Business Became GDPR Compliant: A Case Study

Last week, we held our second GDPR event in partnership with Microsoft and Mimecast, which was designed to help local businesses understand the ins and outs of the new legislation and which tools they could implement to aid compliance.

We understand that the GDPR can seem like a complicated topic with a lot of different factors to take into account, so often businesses are left thinking ‘where do we start?’. With the help of Arden’s GDPR consultant Robert Healey, we have put together an article outlining the details of how one business became GDPR compliant, to give you an idea of the steps your business can take now, to get ready for the new legislation.

Business Profile


Assessment

Interviews were undertaken at both department and senior leadership level, to help identify all areas of data storage and processing and ensure that all elements of risk were addressed when creating the compliance plan.

Processing Records and Compliance Documentation

Information analysis and data mapping (using the questions below) were then completed to gain a better understanding of the data the business had access to, which data will need to be destroyed, and which will need to be kept under increased security to minimise the risk of a breach.

Product recommendation: Sophos Intercept X and Sophos Endpoint Antivirus will ensure that your endpoints are secure from the latest malware, ransomware and viruses, meaning any data your business stores won’t fall into the wrong hands.

Compliance Recommendations

Establish a Data Protection COE

Develop a policy that establishes core principles for the protection of personal data. This, alongside the appointment of a Data Protection Officer, will serve as a foundation for other subordinate processes.

Confirm Cross-Border Data Transfers

Ensure that all cross-border data transfers are in alignment with the new rules regarding consent and that all data remains protected. For employees on the move, Safeguard Encryption by Sophos can help you to keep individual files secure wherever they go, therefore helping to maintain compliance even when engaging in cross-border data flows.

Prepare HR-Specific Deliverables

These include employee notices which cover consent issues and procedures for managers such as the way in which access requests and other data subject rights should be addressed. Other deliverables include updates to your code of conduct and information regarding staff training.

At this point you will be ready to familiarise yourself with the ways in which you can prove your business is GDPR compliant.

Do you need more information about how you can get ready for the GDPR?

Contact a member of our team today to discuss your compliance plan.


We wish to emphasise that Arden Group is a Managed Service Provider and not a legal firm. That means that the views brought forward in this page are not necessarily shared by lawyers or courts.

Arden Group, therefore, does not guarantee that all information is factual and interpreted correctly. If you wish to ensure your advice or your company is legally covered by GDPR, consider consulting legal or specialised advice.