Case StudyRisk and Regulatory
Targeted Data Protection Health Check

Context

The General Data Protection Regulation (GDPR) became legally effective from 25 May 2018 in all EU member states with equivalent legislation in Guernsey. The Data Protection (Bailiwick of Guernsey) Law 2017 allowed some deferrals for implementation until May 2019.

Through a GDPR Health Check, led by CBO in conjunction with the States of Guernsey Data Protection team, the purpose of the project was to review Guernsey Water’s existing data protection controls and develop procedures to embed States’ policies and enable full compliance with the new legislation. The aim was to reduce all identified data protection risks from medium to low by the end of the transition period. CBO was also asked to ensure that an appropriate action plan was in place to enable ongoing compliance beyond project close.

CBO’s Approach

CBO’s objectives were to ensure that:

  • there was a reviewed and scored Risk Register;
  • a detailed Implementation Plan was established, aiming towards May 2019;
  • a high-level data audit was completed, identifying areas of non-compliance;
  • ongoing project governance set-up and documentation was in place; and
  • the project could be effectively handed over to internal staff for delivery.

CBO worked collaboratively with Guernsey Water and the States Data Protection team to achieve these objectives, and put the appropriate measures in place to ensure ongoing compliance beyond May 2019.

CBO’s Impact

Guernsey Water has a clear understanding of the personal data it holds and has identified and sufficiently mitigated risks to GDPR non-compliance. This protects the company from the financial and reputational risks of non-compliance.

 “CBO had expertise and experience from similar projects elsewhere, which complemented the expertise of our Data Protection Officer. We were fortunate in that much of the policy work had already been completed, but embedding the new policies within Guernsey Water required significant input from ourselves and this needed co-ordination and focus. The project management and governance put in place by CBO achieved this and enabled successful delivery within the required time. Along with their collaborative approach, this was the real strength that they brought to the project.”

Steve Langlois, General Manager

More risk and regulatory articles

Case Study
CBO support Ravenscroft with Risk Management Framework

Context Ravenscroft engaged CBO’s assurance services to help them mature their Risk Management Framework (“RMF”) to ensure that it was fit for purpose to demonstrate effective risk management and risk oversight. Ravenscroft’s Chief Risk Officer (“CRO”) had a desire to mature the RMF, thereby documenting and evidencing how the elements of the RMF work together […]

Blog Post
Data Protection: Five years on from GDPR

Since GDPR and the Channel Islands data protection legislation were implemented 5 years ago, personal data has become increasingly valuable and its protection more critical than ever before. Getting it wrong can be costly – for your reputation and your pockets. We sat down with Ed Mason-Smith, data protection expert and director here at CBO, […]

Case Study
Operational Resilience project supports First Central Group to achieve regulatory compliance

Context In March 2021 the Financial Conduct Authority (FCA) issued its final rules requiring firms within the UK’s financial sector to ensure operational resilience. CBO supported First Central Group, a Guernsey-based UK motor insurance provider, to achieve and evidence compliance with the FCA’s rules. Approach CBO provided project management and business analysis resource to support […]

Case Study
Client data project helps financial services business meet regulatory requirements

CBO supported a locally-based independent fiduciary and fund administration business to deliver a project driven by regulatory requirements. After a period of sustained growth, the business identified the need to enhance the efficiency of its existing processes, policies and systems relating to client data management and reporting capabilities. Identifying an opportunity, the client engaged CBO […]

Case Study
The Medical Specialist Group

The Medical Specialist Group The Medical Speciality Group (MSG) is a Guernsey-based organisation providing secondary health care and services to islanders across a broad range of specialisms. In the provision of these medical services, the MSG processes a large volume of extremely sensitive personal data where adequate controls of data and processes are needed to […]

Case Study
Data protection health check for Guernsey Mind

Guernsey Mind Guernsey Mind is an independent mental health charity, promoting positive mental health for the community by providing free mental health services as well as raising overall awareness. In the day-to-day running of the charity, Guernsey Mind processes and holds a wide range of personal data. The effective protection, security, and controls over of […]

Fancy a chat? Get in touch with CBO today to discuss how we can help