ComplyAdvantage

At the point where a company begins to scale, it’s a good time to look at GDPR compliance. For every company there is the risk of fines and investigations but there are day-to-day concerns such as legacy data and Subject Access Requests. Trying to rectify mistakes and implement processes can become more difficult later down the line when the company has grown and gaps have become wider.

As a fast-growing company, ComplyAdvantage was starting to work with more and more sophisticated clients who expect a higher level of demonstrable GDPR compliance. They also wanted to create scalable GDPR processes for the company as it grows.

The legal team, headed by Sally Britten, decided that it was time to run an internal GDPR audit to find any gaps and get their processes up to scratch. They considered a range of suppliers but decided to go with Lexoo for our cost-effective offering and focus on business goals and outcomes.

To secure the budget for the project, we created a business case for Sally to share with her CFO;

As with any project, our goal is to make the process as easy as possible for our clients. So when the project got the green light we organised a kick-off call with Sally to agree on the timelines and how we’d like to work together. We agreed to;

Set up a Slack channel for general communications, updates and check-ins to prevent a barrage of email chains and to make communications frictionless;
Work in Google Docs as that is how the team likes to work internally; and
Schedule a weekly call where we could catch up on the project, and if there was nothing to discuss, we’d simply cancel it.

A GDPR audit involves input from internal stakeholders across a number of departments such as human resources, sales, IT and marketing. To collate information about the status quo quickly and efficiently, we created a tailored questionnaire that was circulated to the relevant stakeholders.

Once the questionnaires were completed, we arranged follow up calls with each stakeholder so our data protection specialist could get the extra information and context required to tailor his report to the company’s risk profile.

The internal team reported that the process “wasn’t nearly as painful as they expected”.

With the information we gathered, our lawyer was able to compile a gap analysis of ComplyAdvantage’s GDPR compliance, which covered the current position, gaps and remedial action points.

The Lexoo team designed a clear, business friendly deliverable so our lawyer could set out his findings in a format suitable for Sally and the other internal stakeholders. We wanted Sally to be able to share the report internally without needing to rework or explain the document.

Every company’s risk profile is different so there is no one-size-fits-all approach to implementing a remediation strategy. That’s why we plotted each remedial step in the report against the company’s internal risk scoring system so they could prioritise the most urgent, high risk steps.

When to run a GDPR audit

Company

Project kick-off

Co-ordinating internal stakeholders

Delivery

Get in touch with us