Institute of Directors – GDPR


Embedding a Data Privacy Culture

The Institute of Directors is a business organisation for company directors, senior business leaders and entrepreneurs. It is the UK’s longest running organisation for professional leaders, having been founded in 1903 and incorporated by Royal Charter in 1906.

Equantiis partnered with the Institute of Directors to support them in becoming compliant with the new General Data Protection Act.

The Challenge

The Institute of Directors (IoD) aims to develop long standing relationships with its members. It recognises that trust is vital to securing lasting relationships and it works continuously to strengthen this trust.

With the General Data Protection Regulation (GDPR) coming into force in May 2018, the IoD recognised the opportunity to undertake a strategic review of how data is managed, handled and used.

The IoD also sought to align this work with its Royal Charter of promoting professionalism in business. To this end, it wanted to lead by example in setting a ‘gold standard’ for how all businesses should endeavour to meet the new regulation.

The Solution

The IoD recognised that in undertaking this review it needed a partner that was independent and business focused. This was key to ensuring that the whole of the IoD understood that the GDPR has a business-wide impact and to dispelling the myth of it being an IT driven initiative.

The IoD selected Equantiis to assist in this important project, beginning with raising awareness and understanding of what the GDPR is and how it is expected to impact businesses. It was deemed important to illustrate the benefit the GDPR brings to data subjects as customers and understand how the IoD could leverage it as an opportunity.

Equantiis’ approach to GDPR compliance draws on its legal, business and technology expertise. Equantiis uses a GDPR readiness approach to support organisations in benchmarking their compliance against regulatory readiness and maturity within their sector peer group.

Equantiis commenced the project by conducting a comprehensive discovery exercise that assessed the IoD’s current data governance, processes, policies and technology for compliance.

The IoD’s staff were engaged at the beginning of the process with a briefing, enabling the myths and misconceptions to be corrected. The staff were then empowered to understand the context of the work and the facts on which decisions can be based.

Equantiis also interviewed key members of the IoD’s staff and, utilising Equantiis’ GDPR assessment tool, gaps within current practices, policies and technology solutions were identified. For each gap a roadmap was developed with the IoD to provide a clear and concise route to achieving compliance.


The Outcomes

From undertaking the Equantiis GDPR readiness assessment, the IoD was quickly able to understand the gaps in its current processes, policies, technology and training.

More importantly, due to the way the assessment had been presented and articulated, the business was able to understand its obligations and the tasks required to reach compliance.

Equantiis’ GDPR readiness assessment tool enabled the IoD to:

  • Understand the organisation’s readiness for GDPR and its impact on the business’ processes, services and applications
  • Define gaps in current business practices and create a prioritised roadmap to achieve GDPR compliance
  • Protect users and customer data from abuse and/or misuse
  • Implement a plan of actionable tasks that the business could undertake to ensure compliance

“IoD’s vision is to be the exemplar of GDPR for other businesses to aspire to. Equantiis played a critical role in helping us identify how we achieve this and embed a Data Privacy culture into our organisation.”

Operations Director
IoD
