London & Partners is the Mayor of London’s official promotional agency – they support the Mayor’s priorities by promoting London internationally, as a world-leading city in which to invest, work, study and visit. To achieve their objectives, they operate in five major business areas: leisure tourism, business tourism, major events, foreign direct investment and higher education.
Equantiis partnered with London & Partners to support it becoming compliant with the General Data Protection Act (GDPR) and to improve cyber security management.
London & Partners operates in a high–profile environment and recognises that this places it at high risk of being targeted by cyber crime activity. Key to the company’s success is maintaining strong partner relationships and a strong brand reputation, and trust is vital in this endeavour. Consequently, London & Partners recognises the need to maintain a strong security regime and a high–level of data privacy compliance.
London & Partners undertook a significant programme of work to support compliance with GDPR, which came into force in May 2018, but recognised the need to get an independent review to confirm sufficiency and identify opportunities for improvement.
London & Partners recognised that in undertaking this review it needed a partner that was independent and business focused, but also capable of understanding technology infrastructure. This was key to ensuring that the review was not just a checkbox exercise, but instead thorough, contextual and fact based.
London & Partners selected Equantiis to assist it in this project, and leveraged Equantiis’ GDPR and Cyber Maturity Assessment tools to support benchmarking compliance against regulatory readiness and maturity within similar organisations. Equantiis’ approach to GDPR compliance and cyber security draws on its legal, business and technology expertise, all of which were important to London & Partners.
Equantiis began the project by interviewing key members of London & Partners’ staff with two goals: First, to validate and raise the level of awareness of data privacy and cyber security across the organisation; and second, to gather qualitative data as part of a comprehensive discovery exercise that assessed London & Partners’ current data governance; processes; policies; and technology; for compliance. Separately, Equantiis worked with London & Partners’ staff to gather quantitative data on the same themes.
This multifaceted approach allows Equantiis to identify gaps and areas of excellence within current practices, policies and technology. For each gap identified, a roadmap is developed to provide a clear and concise route to improving the level of GDPR compliance and cyber security.
As a result of undertaking the Equantiis GDPR and Cyber Maturity Assessments, London & Partners was quickly able to understand the gaps, risk and opportunity in its current processes, policies, technology and training. More importantly, due to the way the assessment had been presented and articulated, the business was able to understand its obligations and the tasks required to reach compliance.
Equantiis’ GDPR and Cyber Security Maturity Assessments enabled London & Partners to:
- Understand gaps, risks and opportunities in current business practices in relation to GDPR and cyber security;
- Implement a clear directional roadmap of actionable tasks to transform business practices to improve compliance;
- Protect customer, employee and commercially sensitive data from abuse and/or misuse; and
- Protect the reputation of London & Partners as a trusted partner globally.