What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? I was originally acting as Coeliac UK’s DPO, however, it was taking up a great deal of my time which was needed elsewhere across the business. Whilst we knew we required someone with expert knowledge of data protection, our need was not large enough to employ an in-house DPO, hence outsourcing the role was the chosen approach.
How did you go about searching for the solution and services? Initially, a google search was conducted and I believe prior to me joining the business, some proposals were sent out to a small number of companies who offer similar services to Evalian.
Please describe the reasons you decided to work with us. After speaking to a few select businesses, we felt Evalian had the best all-around offering. The quote we received was competitive and we were impressed by the efficient and timely communication from Evalian’s commercial director. We also felt that Evalian had the edge in being able to offer us e-learning and awareness training for our staff.
Did you have any expectations going into the process? Of course, cost played a part – being a charity we wanted to ensure that the service we receive is delivered in a cost-effective way and we receive the right support for what we pay for, but we also knew we wanted to partner with a company that could provide transparent and effective communication. We wanted a service that was reliable with the ability to be able to pick up the phone and obtain support in person rather than just online and we have found that Evalian is that organisation.
Can you describe the process we took your business through and anything you learnt about your own business through working this way? Evalian initiated interviews with our stakeholders to learn about the organisation and got up to speed very quickly on our processes and procedures to gain the knowledge they needed to conduct a thorough gap analysis. Being new to the organisation, I insisted on being present in most of the stakeholder interviews and the process was really useful in giving me a deeper understanding of our role as data processors and controllers. It really helped us understand the position we were in, where the gaps were and where we needed to get to in terms of our compliance obligations.
Were there any challenges you found along the way and how did you feel we or your consultant, helped to support you through that? As with any organisation, stakeholders can sometimes be hard to reach, so that was at times challenging. However, our Evalian consultant was extremely helpful in supporting us throughout the process, addressing issues and updating documents and generally providing us with good advice when needed.
What changes did you make as a result of working with us? Evalian has supported us in updating our policies to meet our data protection compliance obligations which is a big step forward. We have also appointed an EU rep as well as having data champions for each department and we are now in the process of implementing steps in our policy such as deleting data in line with our retention periods.
What has been the most significant achievement for your business facilitated by using our services? It has allowed me to free up my time to focus on other areas which were previously spent on a great deal of DPO duties. We now have that level of confidence that we have taken and are continuing to take the right steps towards compliance. By outsourcing our DPO, we have saved money but are reassured that we have experts on hand to support us along the way and give us the confidence that we are doing everything right.
What impact has the results from working with us had on your clients/stakeholders? Our client’s and stakeholders’ privacy has always been of utmost importance to us due to the nature of our organisation and the sensitivity of the personal data we process. By appointing Evalian as our DPO and making the right changes to our policies and data protection duties, we are now in a much stronger compliance position. The steps Coeliac UK has taken alongside Evalian only strengthen and prove our commitment to meeting our data protection compliance obligations.
What do you hope to achieve in your future working relationship with us? We are very happy with the service Evalian provides us with, and we will continue to work with them and feel reassured by what we have experienced, that the good service will continue.
Learn more about our GDPR and DPO services.