Can you describe your role in the business? My role as Chief of Staff can be split into three key areas.
Firstly, I am the ‘right-hand’ woman to Dan Ziv, our CEO, and my core responsibility is to oversee general operations – essentially the eyes and ears across all areas of the business with the ability to get hands-on at any moment to provide direction as a trusted advisor and partner to all the organisational leaders.
My second key role is to help the company and teams focus, plan and align for the future and success of the business. I have spent the last few months getting people together to strategize, set our objectives and subsequently define what is most important for us to deliver on this year. Subsequently, I act as a de facto Portfolio Director across the major strategic programmes.
Last but not least, I get the excitement of taking on a variety of other special projects – from leading our GDPR Audit, liaising with Legal, and jumping in at any point to create process improvement and clarity on our operating model.
So, have you been in charge of the data protection side of things? With respect to data protection, I have taken the lead on centralising our intelligence, policies and procedure – as well as ensuring there is alignment and cross-functional understanding.
What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? We had last had a GDPR audit in 2018 when the UK GDPR was put in place. When I had joined mid-2021, as part of my business operational role, I determined that we needed to do a review of that audit, the follow on remediation activity and a general health check on our policies and procedures.
How did you go about searching for the solution and services? Legal Edge recommended 3 different companies to TouchNote which I evaluated as options in addition to the company we had previously used in 2018
The reasons you decided to work with Evalian®? It was a combination of expertise, pricing and the overall package provided. Evalian consultants are SME’s with extremely experienced backgrounds such as lawyers and former ICO staff. The additional provision of DPO as a service was great as we didn’t want to have that person in house given the small size of our company.
Did you have any expectations going into the process? We knew we wanted a person or a company that was a bit more polished and seemed committed to supporting beyond the audit itself and that would make themselves available to assist in the remediation process, not just “here are the problems” and then not support afterwards.
Can you describe the process we took your business through and anything you learnt about your own business through working this way? There was an introductory call and then I worked with Sandy to identify who she needed to speak to within Touchnote and set up those calls. Evalian made it all straightforward. Generally speaking, we are very aware of data protection and take it very seriously. We realised that the task of creating and updating documentation and then creating processes can get lost in a small organisation when you’re really busy.
Were there any challenges you found along the way and how did you feel we or your consultant, helped to support you through that? Because we are a small organisation, we don’t have one specific function that owns data protection, so the challenge is making the time with various people to push things over the line. We have found the DPO service has been really valuable as we can fire out a question at any time and get that validation quickly.
What changes did you make as a result of working with us? We have been tightening up policies and procedures and making sure we have certain data processing procedures in place with partners. We’ve also been documenting and tightening up a little bit in terms of Data subject access rights and making sure everything is in one place. It’s a journey, but the GDPR essentials course that Evalian has provided has been valuable, everyone has taken it and it’s helped bring data protection to the forefront of people’s minds, having good data hygiene, and making sure everyone’s on the same page.
What do you hope to achieve in your future working relationship with us? We hope to continue to embed good data protection practices within the company. We have some training sessions in the diary with Sandy and Evalian soon which will be really useful!
Learn more about our GDPR & DPO services.