White Stuff had expanded rapidly over recent times and was looking to expand into various European countries. Given its speed of expansion some of its IT infrastructure was creaking and given the different data protection laws in Europe, it was concerned that it did not fully understand the potential risks or the costs of any mitigating actions.
We initially took the client on a journey of what the DPA was, its scope and how legislation differed by country. We then held a series of stakeholder interviews to better understand ways of working and identify where customer data resided.
We then looked at all locations where customer data was believed to sit including in-store, personal machines, servers and various databases and reviewed if DPA best practice was being followed.
We also looked at accountabilities and how potential DPA risks/issues were being managed currently and if indeed there was an infrastructure in place to manage this.
New policies surrounding data were implemented and White Stuff expanded safe in the knowledge that they were meeting relevant legislation.