Question? Call Us +44 330 122 8239

getting back to what you do best

Effective, efficient processes

Our client is an established leader in the provision of support services and the associated software to a number of local authorities. Certified to ISO-27001 and employing internal development, information security and network teams, they had an established governance and control system.

The introduction of GDPR in 2018 created additional contractual and compliance obligations to be considered for which they assigned responsibility to a Project Manager with the support of an existing quality/compliance person.

Industry
Software Development and support services for Local Government
Service(s)
Share
Share on facebook
Share on twitter
Share on linkedin
Share on print
Share on email
Follow Us
Jigsaw puzzle pieces on blue background
The problem

Conflicting demands

Although familiar with the requirements of ISO-27001 and other information security standards, the small team assigned to the task felt overwhelmed by the finer practical details of implementing Privacy friendly controls into operational processes – especially while trying to perform their ‘normal’ duties.

This was made worse by conflicting demands from different customers making it hard to design and implement new processes which were compliant and workable.

After attending a Fidabona event, they asked us to review their Information Governance framework and assist in creating something which met both ISO-27001 and Privacy obligations in an operationally practical and efficient way.

What we did

Evolution not Revolution

Our review aligned the existing policies and records with Privacy legislation such as GDPR through the addition of Privacy specific areas. e.g. the existing Data Breach process was extended to include an assessment of the risk to affected Data Subjects and the change management process was extended to identify the need for a DPIA.

We then assisted in liaison with local authority customers to agree and develop core processes which met contractual and regulatory obligations such as the process and SLAs around meeting Data Subject Right requests.

We extended the ISMS to include information needed for Records of Processing Activities etc under GDPR.

Three pieces of white jigsaw puzzle
Hand complete the last piece white puzzle for business concept
The value we added

There when we're needed

We continued to support the client as their outsourced DPO allowing their team to return to their usual duties and giving a single point of contact and expertise within the business for privacy related issues; including in case of incident or customer queries.

Role specific and general data protection training helped embed the new policies and processes and we worked with operational leads to ensure they were practical and updated to learn from experience. This review and audit cycle improved process effectiveness and efficiency and allowed a transfer of knowledge to internal staff allowing them to become more independent in developing and managing privacy related initiatives.

Improved privacy and security stances consolidated relationships with existing customers and provided additional assurance to new or prospective ones.

Get Started

Let's talk about your needs

We know. This is normally where you’d see an easy to submit enquiry form. One that’s likely an entry into a lottery whether you’ll get a response or not. 

Get the answers you need. We don’t bite.

Use live chat or book in a no obligation online meeting to help us get to the bottom of how we can best help you (invite some colleagues if that will help).

How we use the personal data you provide when booking an appointment. In short, we ask for your name, email and phone number and will only use them to manage your appointment by creating an account for you which you can use to cancel or reschedule and by communicating with you about the appointment. You will not receive marketing calls or emails – only the information you ask for. Please see our Website Privacy Notice for more information.

Learn More

Related Insight

Related Events

jQuery(function($){ $(document).on('click','.elementor-location-popup a', function(event){ elementorProFrontend.modules.popup.closePopup( {}, event); }); });
@font-face { font-display: block; font-family: Roboto; src: url(https://assets.sendinblue.com/font/Roboto/Latin/normal/normal/7529907e9eaf8ebb5220c5f9850e3811.woff2) format("woff2"), url(https://assets.sendinblue.com/font/Roboto/Latin/normal/normal/25c678feafdc175a70922a116c9be3e7.woff) format("woff") } @font-face { font-display: fallback; font-family: Roboto; font-weight: 600; src: url(https://assets.sendinblue.com/font/Roboto/Latin/medium/normal/6e9caeeafb1f3491be3e32744bc30440.woff2) format("woff2"), url(https://assets.sendinblue.com/font/Roboto/Latin/medium/normal/71501f0d8d5aa95960f6475d5487d4c2.woff) format("woff") } @font-face { font-display: fallback; font-family: Roboto; font-weight: 700; src: url(https://assets.sendinblue.com/font/Roboto/Latin/bold/normal/3ef7cf158f310cf752d5ad08cd0e7e60.woff2) format("woff2"), url(https://assets.sendinblue.com/font/Roboto/Latin/bold/normal/ece3a1d82f18b60bcce0211725c476aa.woff) format("woff") } #sib-container input:-ms-input-placeholder { text-align: left; font-family: "Helvetica", sans-serif; color: #c0ccda; } #sib-container input::placeholder { text-align: left; font-family: "Helvetica", sans-serif; color: #c0ccda; } #sib-container textarea::placeholder { text-align: left; font-family: "Helvetica", sans-serif; color: #c0ccda; }
Your subscription could not be saved. Please try again.
Your subscription has been successful.

Newsletter

Subscribe to our newsletter and stay updated.

window.REQUIRED_CODE_ERROR_MESSAGE = 'Please choose a country code'; window.EMAIL_INVALID_MESSAGE = window.SMS_INVALID_MESSAGE = "The information provided is invalid. Please review the field format and try again."; window.REQUIRED_ERROR_MESSAGE = "This field cannot be left blank. "; window.GENERIC_INVALID_MESSAGE = "The information provided is invalid. Please review the field format and try again."; window.REQUIRED_MULTISELECT_MESSAGE = 'Please select at least 1 option'; window.translation = { common: { selectedList: '{quantity} list selected', selectedLists: '{quantity} lists selected' } }; var AUTOHIDE = Boolean(0);

We use Sendinblue as our marketing platform. By Clicking above to submit this form, you acknowledge that the information you provided will be transferred to Sendinblue for processing in accordance with their terms of use

jQuery(function($){ $(document).on('click','.elementor-location-popup a', function(event){ elementorProFrontend.modules.popup.closePopup( {}, event); }); });

Hooray!

We're excited you'd like to come along!

However, we need to tell you something important before you do:

How we use the personal data you provide when booking to attend an event.

In short, we ask for your name, email, the organisation you represent and phone number. For paid events we also collect billing information to process your order. We use this information to manage the event and your attendance by sending you email and SMS (if you provide a mobile number) confirmations and reminders about the event and any replays which are available. For some events we may invite you to complete optional surveys to either help us tailor the event beforehand or get feedback from you after the event is over.

The information you provide will be transferred to our Webinar platform provider where we use analytics to help measure the effectiveness of our webinars e.g. record whether you attend the event and how long you attended for. We also store your information in our CRM where it may be combined with publicly available information about you or the organisation you represent (such as that from LinkedIn or Companies House) and your communications with us. This combined picture will be used to help identify which of our services may be of interest to the organisation you represent; so, yes, we may market to you but only in your professional capacity and only in a targeted way once we know more about how our services may be of benefit to the organisation you represent. Above all, we promise to stop when you tell us to.

Please see our Website Privacy Notice for more information.

Subscribe to get 15% discount