The challenge

A leading mortgage provider was struggling to prepare for GDPR. Data was stored both electronically and in hard copy, with many historical records stored off-site. What’s more, records were generally stored without a time limit. Our client knew its data management systems weren’t up to scratch, but it didn’t have the expertise or extra resource to dedicate to the project. With the GDPR implementation date looming and limited help from the ICO, it needed expert guidance on where it should focus its efforts.

Our solution

Initially, we carried out a thorough data review to understand on our client’s current standing. This included:

• Inventory and data mapping to give an accurate overview of the pattern of data-flows.
• Review of governance structure, controls and relevant policies and procedures.
• On site interviews with key members of staff as well as the senior management team.
• Review of the new digital data management system that our client had selected.

When we benchmarked our findings against GDPR requirements, we uncovered a host of issues that needed to be addressed, primarily:

• Inconsistencies across the business in the way data and data breaches are handled.
• Outdated privacy statements and policies.
• Gaps in the process for recording and managing consent, and in the data subject access request process.
• Deficiencies in the new digital data management system around effective data minimisation, anonymisation, portability and deletion.

Having identified the key priorities, we then created a detailed implementation plan. Our clear game plan took the pressure off our client’s team, allowing it to easily make the required changes before the GDPR deadline and ultimately better protect its customers’ data.

The TCC Difference

• Our experience of helping firms navigate regulatory change meant that our client could adequately prepare for GDPR without stretching its existing resource.
• Because of our expert advice, our client made a number of improvements to the way it handles customer data. By default this makes it more efficient, brings about better customer outcomes and avoids regulatory action in the future.