Karen Everett

Karen Everett

Chief Operating Officer


Sainsbury Family Charitable Trusts (SFTC) is the operating office that provides support services to 20 independent, grant-making charitable trusts and companies established by members of three generations of the Sainsbury family. The trusts’ support for charitable causes over more than 50 years represents one of the leading examples of sustained philanthropy in the UK. Each trust and charitable company is an independent legal entity and is actively led by an individual member of the Sainsbury family.

Founded: In operation for 50+ years
Number of employees: 100+
Target Customer: Registered charities or activities with clearly defined charitable purposes predominantly in the UK and Africa.


What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? Prior to the introduction of the EU GDPR, we had well-established procedures for assessing and awarding grant applications and processing claims to grant beneficiaries. Each charitable trust operates autonomously and whilst SFCT maintained overall responsibility for developing data protection policies and procedures for trust adoption we were uncertain whether these were implemented consistently and whether there were any compliance gaps.

How did you go about searching for the solution and services? One of our key requirements was to appoint a consultant that understood the charity sector and the challenges and risks associated with processing large volumes of personal data by different trust teams, and that could help us remediate any shortcomings pragmatically.

Please describe the reasons you decided to work with us. We spoke with several consultancies but we liked Evalian’s pragmatic and friendly approach. Our trust executives were immediately put at ease during the discovery phase and were confident that Evalian had a good understanding of our organisation.

Did you have any expectations going into the process? We had not appointed data protection specialists before. Rather than recruit and train an existing member of staff for a full-time compliance role we opted to appoint an independent subject matter expert to provide us with an independent and honest assessment of our data protection posture.


Can you describe the process we took your business through and anything you learnt about your own business through working this way? After an initial phase of discovery interviews with each trust executive, Evalian soon built an extensive knowledge base of our processing. Producing a detailed data map improved our understanding of personal data processing and associated information security risks. After a period of development, we now feel very confident in how we handle personal data.

Were there any challenges you found along the way and how did you feel we or your consultant, helped to support you through that? We are strong advocates for our trusts operating independently. evalian® helped us find the right balance between implementing core data protection policies and procedures whilst giving trusts the flexibility to continue to function without significant organisational change.

What changes did you make as a result of working with us? With Evalian’s assistance, we have built an internal data protection capability and an effective governance framework. Our newly formed data protection champions team feel engaged and interested in maintaining compliance with our data protection responsibilities.


What has been the most significant achievement for your business facilitated by working with us? Helping us understand the personal data flows, addressing potential risks and ensuring that our staff feel far more confident in dealing with data protection and information security.

What impact has the results from working with us had on your clients/stakeholders? Our improved data protection and information security capability give greater comfort to our trustees.

What do you hope to achieve in your future working relationship with us? We retain Evalian as our Data Protection Officer and for ongoing advisory support.

Learn more about our Outsourced DPO Services.


Talk To Us:

If you’ve had a data breach, are confused about DPOs, or would like to discuss penetration testing or cyber incident response training, please give us a call or email us. We promise no hard sell and only real-world guidance.

We love to talk privacy and security and we’d be delighted to discuss your requirements. If we can’t help for any reason, we’ll probably know someone who can.

Get In Touch