Case StudyAssurance Services
Targeted Data Protection Health Check

Context

The General Data Protection Regulation (GDPR) became legally effective from 25 May 2018 in all EU member states with equivalent legislation in Guernsey. The Data Protection (Bailiwick of Guernsey) Law 2017 allowed some deferrals for implementation until May 2019.

Through a GDPR Health Check, led by CBO in conjunction with the States of Guernsey Data Protection team, the purpose of the project was to review Guernsey Water’s existing data protection controls and develop procedures to embed States’ policies and enable full compliance with the new legislation. The aim was to reduce all identified data protection risks from medium to low by the end of the transition period. CBO was also asked to ensure that an appropriate action plan was in place to enable ongoing compliance beyond project close.

CBO’s Approach

CBO’s objectives were to ensure that:

  • there was a reviewed and scored Risk Register;
  • a detailed Implementation Plan was established, aiming towards May 2019;
  • a high-level data audit was completed, identifying areas of non-compliance;
  • ongoing project governance set-up and documentation was in place; and
  • the project could be effectively handed over to internal staff for delivery.

CBO worked collaboratively with Guernsey Water and the States Data Protection team to achieve these objectives, and put the appropriate measures in place to ensure ongoing compliance beyond May 2019.

CBO’s Impact

Guernsey Water has a clear understanding of the personal data it holds and has identified and sufficiently mitigated risks to GDPR non-compliance. This protects the company from the financial and reputational risks of non-compliance.

 “CBO had expertise and experience from similar projects elsewhere, which complemented the expertise of our Data Protection Officer. We were fortunate in that much of the policy work had already been completed, but embedding the new policies within Guernsey Water required significant input from ourselves and this needed co-ordination and focus. The project management and governance put in place by CBO achieved this and enabled successful delivery within the required time. Along with their collaborative approach, this was the real strength that they brought to the project.”

Steve Langlois, General Manager

More assurance services articles

Case Study
Data protection health check for Guernsey Mind

Guernsey Mind Guernsey Mind is an independent mental health charity, promoting positive mental health for the community by providing free mental health services as well as raising overall awareness. In the day-to-day running of the charity, Guernsey Mind processes and holds a wide range of personal data. The effective protection, security, and controls over of […]

Insight
Data Protection Health Checks

Data Protection Health Checks Bringing clarity and confidence to your data protection controls.   When processing personal data, it is vital for businesses to ensure that the appropriate safeguards and controls are in place, and that they are effective. This is critical in order to build and maintain customer trust and to avoid both financial […]

Case Study
Targeted Data Protection Health Check

Context The General Data Protection Regulation (GDPR) became legally effective from 25 May 2018 in all EU member states with equivalent legislation in Guernsey. The Data Protection (Bailiwick of Guernsey) Law 2017 allowed some deferrals for implementation until May 2019. Through a GDPR Health Check, led by CBO in conjunction with the States of Guernsey […]

Blog Post
Data Protection project – done and dusted?

Privacy policy on the website updated – Tick Data protection policy updated – Tick Communications sent to staff about data protection – Tick Training rolled out to staff – Tick Cue the sigh of relief on 25th May 2018 as GDPR is done with, right? Not quite… The EU legislation, as well as the local […]

Fancy a chat? Get in touch with CBO today to discuss how we can help