What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? Within our newly created COVID-testing laboratory and associated departments, we were processing around 70K data subject records; this was rapidly increasing. I knew that the level of processing activity would mandate the appointment of a Data Protection Officer (DPO).
We started off with only processing a few COVID samples in the beginning. We were already registered with the ICO and were aware of the need for protecting personal data, but with the amount of data rapidly being processed we felt we needed extra support. Using my experience and NHS background I was able to create internal documents and protocols incorporating data protection processes; however, as this business also involved direct contact with customers and clients, I knew we needed experts to guide us in the right way to process and protect our data and respond to Subject Access Requests appropriately. We knew we had a duty of care to make sure we were doing things the right way.
How did you go about searching for the solution and services? We initially conducted a Google search and found Evalian and a couple of other companies offering the same services. Evalian’s website stood out to me as having exactly the type of service we needed so we set up a call.
Please describe the reasons you decided to work with us. After our initial chat with Chris, the commercial director, at Evalian, we knew immediately that Evalian were able to provide what we needed. We also liked that Chris suggested we start off with a set number of hours, but we could add on if we needed to – we liked the flexible approach.
Did you have any expectations going into the process? I’d never worked with data protection services before, but I knew that I wanted to be able to have access to on-demand guidance. If something came up last minute, I wanted immediate advice and someone I could rely on to answer any of my questions within a given time.
Can you describe the process we took your business through and anything you learnt about your own business through working this way? The process with Evalian has been really smooth. Going through the Gap Analysis highlighted a lot of things we needed to speak about. It prompted some deadlines which we needed in place to get things done, but at the same time, prioritise what we needed to do rather than a rushed process of trying to get everything done in one go.
The Gap Analysis report was a great visual, using the traffic light system of red, amber and green, to instantly see what we needed to build on. The report was really helpful, and I found it easy to use it as a reference, and catch up on dates and points of contact.
Were there any challenges you found along the way? There were no challenges from Evalian’s side, but getting the work done on our side, finding the time and resources, as with any busy company, can be a challenge. However, Isabela has supported us really well; when unexpected things come in, she has been really responsive and always finds time to schedule a quick meeting when we need it.
What changes did you make as a result of working with us? The online GDPR course has been helpful and many of us revisit the course because it's easily accessible. The fact we now do regular DP reviews with management staff every three months has brought departments together as well and seems to have really built a strong awareness culture within the organisation.
What has been the most significant achievement for your business facilitated by using our services? We’ve now got a really robust suite of documents and have strengthened specific data and GDPR-based documents. We talk about GDPR and data protection a lot more internally, which shows our staff are now more aware.
What impact have the results from working with us had on your clients/stakeholders? From our customers’ side, although they won’t see any changes directly, it ensures they are safe in the knowledge that we protect their data in the best possible way and are responsible with it.
We are now able to also deal really effectively with any Subject Access Requests and understand the background and the legalities of a SAR. It means we can go back to our customers confidently and give them clear responses.
What do you hope to achieve in your future working relationship with us? For example, continuing the current service or using additional services? We will continue to build on our data protection framework with Evalian. We will always have health records and still have to deal with those, no matter what direction the organisation goes in, but we will be more ready to take on a big surge of personal data and we will continue taking positive steps to strengthen our awareness internally.