A Case Study
DATA PROTECTION QUESTIONNAIRES
Wellers assisted with tailoring data questionnaires for every type of data the company holds to enable the business to provide information to Wellers about its own use of data by the company.
IDENTIFYING COMPLIANCE WEAKNESSES
By reviewing the completed questionnaires Wellers was able to identify areas where the company is failing to comply with data protection rules.
ASSESSING RISKS OF DATA PROTECTION BREACH(ES)
Once the areas of non-compliance were identified Wellers and the client assessed the risk(s) of the company breaching data protection law. In particular, they saw that the use of personal devices by employees was unrestricted which exposed the company to a significant risk of data breaches in the event of loss or misuse of these devices. Other failures were assessed in the same way.
IDENTIFYING COMPLIANCE SOLUTIONS
Having completed the previous steps Wellers worked with the client to identify solutions to every area of failure. These included putting a policy in place around the use of personal portable devices by employees, updating the data retention policy and instituting a training programme throughout the organisation.
PLANNING FOR THE NEW REGIME
Wellers identified numerous areas where the company needs to make changes to comply with the new data protection regime when it is effective in 2018. It agreed on a process and timetable for the introduction of these measures with the client including appointing a Data Protection Officer, breach response plan and issue of new customer information notices.
If you have any doubts about whether you comply with the incoming data protection regime please contact Parmjit Bhogal on 020 7481 2422 or email parmjit.bhogal@wellerslawgroup.com