What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? Prior to the introduction of the EU GDPR, our Group internal auditors recommended that we develop a data protection management framework to evidence that we comply with the accountability principles of the new legislation. This was a daunting prospect, and we were not sure we had the internal capacity to tackle this challenge.
How did you go about searching for the solution and services? As part of the consultant selection process, one of our key requirements was engaging with a practice that was able to appreciate the real challenges and risks we face in processing large volumes of personal data and help us implement pragmatic and sustainable solutions, whilst helping us build an internal data protection capability.
Please describe the reasons you decided to work with us. We spoke with a few consultancies but were won over by Evalian’s fresh, can-do and friendly service. After completing the first phase of work we were confident that they had a good understanding of our business. They helped prepare us for GDPR compliance and we continue to retain them for ongoing support.
Did you have any expectations going into the process? We had not appointed data protection specialists before and had, to some extent, been reliant upon our external financial auditors. GDPR seemed such a different proposition and so we wanted to see what other alternatives were available.
Can you describe the process we took your business through and anything you learnt about your own business through working this way? Through an initial intensive discovery phase, Evalian completed a detailed data map and GDPR gap analysis which culminated in them developing a remediation plan. They helped us implement improvements in our data protection posture and have been very supportive of our ongoing compliance with GDPR. In short, we feel fitter and stronger from the experience.
Were there any challenges you found along the way and how did you feel we or your consultant, helped to support you through that? Fresh is committed to its shareholders, staff, contractors, and suppliers, however, with so many competing demands on the business evidencing our commitment to GDPR accountability can sometimes be overlooked. In a rush to get things done we needed to be reminded of this fact. It was great having Evalian by our side, as a ‘critical friend’.
What changes did you make as a result of working with us? We built an effective data protection governance framework, which included updated policies and procedures, rolling out an effective training programme and the creation of a data protection champions team who are our ‘eyes and ears in the organisation. Evalian has brought data protection to life.
What has been the most significant achievement for your business facilitated by working with us? It’s clear that there is far greater staff engagement in data protection and information security. We can evidence a sound commitment and compliance to GDPR accountability. Evalian has also been supportive of ad-hoc requests and projects like a true business partner.
What impact has the results from working with us had on your clients/stakeholders? Our improved data protection and information security posture give greater comfort to our clients and staff.
What do you hope to achieve in your future working relationship with us? We will continue to use Evalian as our data protection officer and to assist us in preparing for Cyber Essentials certification.
Learn more about our DPO and GDPR Services.