Hayley Gray



Caraffi provides consultancy solutions in a B2B capacity, enabling companies to assess and transform their talent acquisition processes. Many clients want us to act as their advisors, consulting with internal leaders and teams. We help to develop solutions across future talent planning, performance development, talent acquisition, research technology and employer branding. We elevate people leaders in their roles, helping them transform their strategies to drive success.

Founded: Myself and Graeme Paxton (CEO) launched the business in January 2019
Number of employees: We currently have around 56 employees, having doubled in size in the last 12 months
Target customer: Business to business (B2B)


What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution?

Some of the service lines that we provide to our clients require the processing of some personal candidate/employee data. We were aware that this level of processing data may require a DPO. We had no specific data protection expertise within the business and were keen to ensure that our business was meeting our GDPR compliance obligations from the outset. Additionally, Caraffi also carries out B2B marketing and needed to ensure we were meeting our direct marketing obligations.

As a fast-growing start-up organisation, the words “data protection” and “GDPR” seem to instil fear. It’s not terribly easy to understand and, as a business, we were keen to be on the right side of it and do everything correctly. We needed a full audit on what we already had in place, advice and guidance on what needed to change and finally ongoing day-to-day support. It was also important for us to have a clearly designed, well-articulated process as to what we would need to action in the event of a data breach.

Prior to engaging Evalian, internally we had written and created an online video to train our employees annually on GDPR; however, through this medium, we were unable to conduct assessments or record the completion of these assessments. So we had a requirement for a provider of online training that we could use to assess people against the data protection rules and regulations and how we operate in Caraffi so that we are fulfilling our obligations.

How did you go about searching for the solution and services?

We found Evalian through a Google search and spoke to three other organisations, offering similar services but in different ways, for example, one was a fully remote online solution.

Please describe the reasons you decided to work with us. Was there a tender process or a referral?

I liked the personable approach that I felt Evalian had from our initial chat. We decided we didn’t just want an online portal; we wanted to be able to phone somebody up and speak in person. It was that human real-world approach that Evalian appeared to have that helped inform our decision.

Did you have any expectations going into the process?

My expectations were that we would have more to do than we actually did! Turns out that the work we had put in internally prior to contacting the experts was not wasted and was a good starter for 10.


Can you describe the process we took your business through and anything you learnt about your own business through working this way?

Evalian conducted a Gap Analysis which confirmed areas we were compliant in, and areas we needed to strengthen and improve upon. From there, a remediation plan was formed. The speed at which our Evalian consultants have come back to us has been really helpful. Our clients and stakeholders expect us to respond really quickly in our industry, so we realised having a partner that understands that is paramount to our business.

Were there any challenges you found along the way and how did you feel we, or your consultant, helped to support you through that?

Getting our head around the whole topic is difficult, but our designated consultant is great at explaining things in layman’s terms. I don’t feel there have been challenges; since getting Evalian on board, it’s been a real weight off, knowing that advice is on the end of an email or call.

What changes did you make as a result of working with us?

We are well on our way to having our policies nailed down. We have also been ensuring the entire workforce is up to speed on GDPR and raised awareness on file encryption and password protection. We’ve created our assessments and revised a number of existing agreements to ensure compliance. We regularly have Evalian review data protection and GDPR clauses in contracts so we can be sure we have everything covered and that our clients know that we take data protection seriously at Caraffi and have everything covered.


What has been the most significant achievement for your business facilitated by working with us?

Evalian has really helped us get things moving forward. We get contracts and agreements through regularly, and it’s been helpful to have that professional support on hand to ensure everything is sewn up and done correctly, which is key.

What impact have the results from working with us had on your clients/stakeholders?

Our clients and stakeholders can feel confident knowing that we really know what we’re talking about. For customers, it’s that sense of safety that we look after their data in the correct manner.

What do you hope to achieve in your future working relationship with us?

We need to undertake incident response training so we know what to do if we experience a data breach. We want to make sure we are always up to date and up to speed with everything, and we will be able to demonstrate that we’ve taken every action we possibly can to mitigate a potential breach.
