What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? We originally had someone in-house that acted as our data protection officer, however, they were not formally qualified in that area. When data protection and GDPR came into force and it became a more topical part of business, we attached more importance to it, and knew we had to step up our compliance. We felt it was a wiser solution to hire an external expert to do a compliance review, in conjunction with looking at other parts of compliance for our business such as AML.
How did you go about searching for the solution and services? We initially spoke to a couple of companies and were also aware of Evalian through another provider.
Please describe the reasons you decided to work with us. We were drawn to Evalian’s services due to the combination of overall package and cost – we felt Evalian’s Data Protection service was very reasonable value for money given what the service would entail. But just as important, if not more so, was that we were happy with our initial conversations with Chris, and the wider team and felt that Evalian were the right fit for our organisation.
Did you have any expectations going into the process? We didn’t have a comparison, so had no expectations, only what was set within the initial meetings. I knew we wanted to make sure we were compliant with policies, and use a provider that could take control of that. One of the key things for us was being able to have that immediate channel for expert advice.
Can you describe the process we took your business through and anything you learnt about your own business through working this way? The process began with discovery calls with the heads of each department within Ashtons, which were very structured and thorough. The questions asked, although technical, were worded in such a way that they were easy to understand, so we were confident that sufficient information was provided to allow Evalian to carry out a comprehensive analysis of our current data protection posture.
The initial Gap Analysis was straightforward, and we felt Neil got up to speed with our business really quickly and efficiently. The process has been smooth and Neil is great at letting us know what is required and when, and supporting us through that. The Gap Analysis report identified areas of improvement or non-compliance and a comprehensive remediation plan was drafted, detailing the work required to bring Ashtons to a state of core GDPR compliance. The policies and procedures drafted were of a very high standard, written in plain English, so they are very user-friendly and easy to understand. Neil has always been readily available on the phone or by email to answer any questions or issues we may have and is always very quick to respond.
Were there any challenges you found along the way? There have been no specific challenges, as such. Neil has been brilliant in many regards, simplifying the process as much as possible, he is very technically astute with efficiency and has a genuinely nice way about him. We were very confident in the support provided by Evalian, so were comfortable letting Neil steer us in the right direction.
What changes did you make as a result of working with us? Very little has changed in the way we process data, but now all colleagues within our group of companies have a better understanding of the importance of data protection. Data protection is now reported at the board level, but thankfully to date, there have been no major incidents to report. We now have a comprehensive suite of data protection policies and procedures which are made available to staff, which we didn’t have before, and all colleagues are required to carry out data protection training upon induction, refreshed annually.
What impact has the results from working with us had on your clients/stakeholders? In terms of clients and stakeholders, they wouldn’t notice any difference, but internally we now have that confidence that everything is as it should be, we have a strong document framework and robust compliance. I think it’s more about the fact we’ve been able to be comfortable with the responses we’re giving the clients.
Our employees are about to do the online GDPR assessment course again, which we find to be user-friendly and easily accessible.