Our part-time CTO was in pivotal in GDPR compliance solution implementation for a specialist lending services provider.

Company Profile

Part of the Nat West Group, this company offers specialist lending services in the UK’s construction sector. As an FCA-regulated business, it requires robust, secure, and auditable systems, especially for handling subject access requests and data destruction in compliance with GDPR regulations.

CEO’s Mission

With an eye on the future and GDPR regulations, the company sought to extend its email archiving capabilities to include unstructured data like file shares. The objective was to ensure compliance by being able to interrogate various data forms, including spreadsheets and application data structures, for subject access requests.

CTO’s Objectives

  • Identify potential suppliers for the complex GDPR compliance solution.
  • Liaise with these suppliers to discuss current systems and explore additional solution options.
  • Report back to the CTO, exploring solutions, and selecting a supplier.
  • Collaborate with the chosen supplier and the in-house team to maximise the benefits of the chosen solution.

What the CTO Did

Led Supplier Selection for the Chosen Solution

The CTO met with several potential suppliers, facilitating solution demonstrations and engaging stakeholders and the IT team in detailed discussions. The goal was to extend the email archiving and searching capabilities to include all data stored in the company’s databases.

Reviewed Potential Offerings and Selected a Supplier

After allowing each supplier to demonstrate their solutions, the CTO conducted a workshop, scoring each solution against a predefined matrix. This process led to the selection of the final GDPR compliance solution implementation.

Worked with Chosen Supplier to Implement the New Solution

The selected GDPR compliance solution implementation achieved several critical objectives:

  • It extended the existing email archiving solution.
  • The solution worked across unstructured data in SQL databases, spreadsheets, and other office documents.
  • It enabled the business to efficiently perform Subject Access Requests (SARs).
  • The solution also supported monthly reporting to the FCA on individual requests.
  • It facilitated the secure destruction of data upon individual requests.

The implementation of this GDPR compliance solution not only ensured regulatory compliance but also enhanced the company’s ability to manage data securely and efficiently, reinforcing its commitment to both regulatory standards and customer trust.

The Results

  • Rolled out the new solution in conjunction with the chosen supplier 
  • Demonstrated to the business and the FCA that the solutions were in place 
  • Successfully implemented a procedure within the business for SAR’s. 
  • The business is now confident that it meets the needs of the GPPR requirements.