Eliminating 10 major GDPR risks in just three months for improved compliance.
In March 2018, Aquila knew they needed to prepare for GDPR, but were uncertain what PII risks they had, or what steps they needed to take to ensure they were managing personal data of employees and suppliers correctly.
We then worked collaboratively with Aquila’s Information & Security Manager to assign ownership to each risk and create an action plan. Alongside this, we created guidelines to update existing information policies, multi-media communication artefacts to raise staff awareness, an Employee Privacy Statement, and a Data Controller’s Register.
Over a three-month period, 10 of those risks were reduced to low risk or removed completely from the register. Aquila now has a library of information policies and registers to support their employees in understanding how they should collect, use, store, and either delete or archive information according to their business classification.
Aquila also now has an Employee Data Privacy statement that outlines its commitment to new employees regarding how their personal data will be treated. Creating these communication artefacts and running workshops with different stakeholders has meant Aquila is much more GDPR-conscious.