Our part-time CTO was pivotal in implementing a GDPR compliance solution for a specialist lending services provider.
Company Profile
Part of the NatWest Group, this company offers specialist lending services in the UK’s construction sector. As an FCA-regulated business, it requires robust, secure, and auditable systems, especially for handling subject access requests and data destruction in compliance with GDPR regulations.
CEO’s Mission
With an eye on the future and GDPR regulations, the company sought to extend its email archiving capabilities to include unstructured data like file shares. The objective was to ensure compliance by being able to interrogate various data forms, including spreadsheets and application data structures, for subject access requests.
CTO’s Objectives
- Identify potential suppliers for the complex GDPR compliance solution.
- Liaise with these suppliers to discuss current systems and explore additional solution options.
- Report back to the CTO, explore solutions, and select a supplier.
- Collaborate with the chosen supplier and the in-house team to maximise the benefits of the chosen solution.
What the CTO Did
Led Supplier Selection for the Chosen Solution
The CTO met with several potential suppliers, facilitating solution demonstrations and engaging stakeholders and the IT team in detailed discussions. The goal was to extend the email archiving and searching capabilities to include all data stored in the company’s databases.
Reviewed Potential Offerings and Selected a Supplier
After allowing each supplier to demonstrate their solutions, the CTO conducted a workshop, scoring each solution against a predefined matrix. This process led to the selection of the final GDPR compliance solution.
Worked with Chosen Supplier to Implement the New Solution
The selected GDPR compliance solution achieved several critical objectives:
- It extended the existing email archiving solution.
- The solution worked across unstructured data in SQL databases, spreadsheets, and other office documents.
- It enabled the business to efficiently perform Subject Access Requests (SARs).
- The solution also supported monthly reporting to the FCA on individual requests.
- It facilitated the secure destruction of data upon individual requests.
The implementation of this GDPR compliance solution not only ensured regulatory compliance but also enhanced the company’s ability to manage data securely and efficiently, reinforcing its commitment to both regulatory standards and customer trust.