The Energy Industries Council (EIC) delivers high-value market intelligence to members through its online energy project database, and via a global network of staff who work in the field to provide qualified regional insight.
WHAT WAS THE PROBLEM?
With the new data protection law (the General Data Protection Regulation) coming into effect in 2018, the EIC wished to get a head-start on its preparations for compliance. As a multi-jurisdictional organisation, the EIC required a pragmatic gap-analysis to be undertaken of a relatively complex legal set-up to help achieve its goals for GDPR compliance.
WHAT DID WE DO?
We used our innovative approach in developing practical and commercially-relevant solutions and undertook a bespoke gap-analysis for the organisation. We employed a hybrid model that combined the two main ICO-recognised types of DP audit: adequacy and compliance. An adequacy audit checks whether the documentation one would expect is in place. A compliance audit is a much more in-depth review of an organisation’s actual compliance in practice and requires interviewing staff as well as looking at various areas/aspects of the organisation (e.g. HR, marketing, IT, training & awareness, third-party contractual relationships, data exports, etc.).
Following an evidence-gathering exercise and on-site interviews with key staff members, we were able to deliver an ICO-style “traffic-light” report for use by the senior members of the EIC board to inform their ongoing compliance strategy.