Challenge

What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? Prior to the introduction of the EU GDPR, we had well-established procedures for assessing and awarding grant applications and processing claims to grant beneficiaries. Each charitable trust operates autonomously and whilst SFCT maintained overall responsibility for developing data protection policies and procedures for trust adoption we were uncertain whether these were implemented consistently and whether there were any compliance gaps.

How did you go about searching for the solution and services? One of our key requirements was to appoint a consultant that understood the charity sector and the challenges and risks associated with processing large volumes of personal data by different trust teams, and that could help us remediate any shortcomings pragmatically.

Please describe the reasons you decided to work with us. We spoke with several consultancies but we liked Evalian’s pragmatic and friendly approach. Our trust executives were immediately put at ease during the discovery phase and were confident that Evalian had a good understanding of our organisation.

Did you have any expectations going into the process? We had not appointed data protection specialists before. Rather than recruit and train an existing member of staff for a full-time compliance role we opted to appoint an independent subject matter expert to provide us with an independent and honest assessment of our data protection posture.

Solution

Can you describe the process we took your business through and anything you learnt about your own business through working this way? After an initial phase of discovery interviews with each trust executive, Evalian soon built an extensive knowledge base of our processing. Producing a detailed data map improved our understanding of personal data processing and associated information security risks. After a period of development, we now feel very confident in how we handle personal data.

Were there any challenges you found along the way and how did you feel we or your consultant, helped to support you through that? We are strong advocates for our trusts operating independently. evalian® helped us find the right balance between implementing core data protection policies and procedures whilst giving trusts the flexibility to continue to function without significant organisational change.

What changes did you make as a result of working with us? With Evalian’s assistance, we have built an internal data protection capability and an effective governance framework. Our newly formed data protection champions team feel engaged and interested in maintaining compliance with our data protection responsibilities.

Impact

What has been the most significant achievement for your business facilitated by working with us? Helping us understand the personal data flows, addressing potential risks and ensuring that our staff feel far more confident in dealing with data protection and information security.

What impact has the results from working with us had on your clients/stakeholders? Our improved data protection and information security capability give greater comfort to our trustees.

What do you hope to achieve in your future working relationship with us? We retain Evalian as our Data Protection Officer and for ongoing advisory support.

Learn more about our Outsourced DPO Services.