One client, which sells a cloud software product, needed help understanding how ready it was to comply with the new GDPR legislation. It had contracts with multiple suppliers and processed data for several hundred customers. The company also held its own personal and marketing data, but it wasn’t sure if it was compliant with the new rules on third-party management, security and direct marketing.
I spent time with the client to understand how each of its departments worked, where its data was kept and the management processes it followed. From that, I produced:
- A detailed report of more than 60 pages giving a point-by-point breakdown of how the client performed against GDPR, including the high-risk areas that need resolving urgently and my recommendations for addressing each one
- A project plan with my recommendations, the order in which to do them, the client’s priorities and the dependencies between each task
- A data map showing how data passes through the company’s systems from one application to another, and where data enters and leaves the system, to help the client track down its personal data and make IT changes more effectively
- A set of data protection and information security policies covering information classification and breach management among other areas. Without such policies, the client was at high risk of being prosecuted by the Information Commissioner’s Office if there was a data breach
As a result of this, my client was in a better position to more effectively manage its information and make significant cost savings.