SMEs, charities and schools

Mid-size accountancy and consulting firm

Root-and-branch audit of privacy and cyber-security.

Client objectives

Client objectives: following a breach, get external advice on risk mitigation and best practice.

Securys

Securys conducted detailed interviews, process mapping and document review, we compiled a data catalogue and RoPa and identified processes requiring DPIA and/or LIA support. Comprehensive report with 90-day and long-term action plans presented at Partner Meeting. Now engaged to assist with remediation and provide ongoing privacy office function. Retained by Managing Partner.


Major charitable performing arts venue

Review and remediation of GDPR readiness.

Client objectives:

Client objectives: ensure that operations and fundraising are fully compliant with privacy legislation.

Securys

Securys conducted detailed interviews, process mapping and document review, we compiled a data catalogue and RoPa and identified processes requiring DPIA and/or LIA support; detailed report with risk dashboard and recommendations presented to Trustee Board. Securys provided support throughout the remediation process and are now retained as the venue’s Data Protection Officer. Retained by Head of Legal.


Large UK charity

Review and remediation of GDPR readiness.

Client objectives:

Client objectives: ensure that operations and fundraising are fully compliant with privacy legislation, including highly sensitive interactions with supported individuals and large volumes of special category data.

Securys

Securys conducted detailed interviews, process mapping and document review;  detailed report with risk dashboard and recommendations presented to Trustee Board. Retained by General Counsel and CISO.

Just a quick note to thank you for the first stage of your work with us, and the presentation to our Audit & Risk Committee which went very well and greatly re-assured the trustees.

Independent boarding school

Review and remediation of GDPR readiness.

Client objectives:

Client objectives: ensure that operations and fundraising are fully compliant with privacy legislation, and that privacy rights of children are respected in a complex and international context.

Securys

Securys conducted detailed interviews, process mapping and document review; we compiled a data catalogue and RoPA and identified processes requiring DPIA and/or LIA support; detailed report with risk dashboard and recommendations presented to governors and Head. Securys provided support throughout the remediation process and are now retained as the school’s Data Protection Officer. Retained by Bursar.


World-renowned classical music venue

Review and remediation of GDPR readiness.

Client objectives:

Client objectives: ensure that operations and fundraising are fully compliant with privacy legislation.

Securys

Securys conducted detailed interviews, process mapping and document review; we compiled a data catalogue and RoPA and identified processes requiring DPIA and/or LIA support; detailed report with risk dashboard and recommendations presented to Board. Securys continues to provide support throughout the remediation process and are now retained to provide a data privacy helpline. Retained by Director of Technology.


Major UK commercial theatre operator

Review and remediation of GDPR readiness and delivery of PCI-DSS compliance.

Client objectives:

Client objectives: ensure that operations and fundraising are fully compliant with privacy legislation and achieve full PCI compliance for all merchant channels.

Securys

Securys conducted detailed interviews, process mapping and document review; we compiled a data catalogue and RoPA and identified processes requiring DPIA and/or LIA support; detailed report with risk dashboard and recommendations presented to Board. On the PCI-DSS front, we worked with the merchant acquirer QSA to streamline merchant processes, introduce appropriate policies, procedures and technologies, and manage technology change. Retained by CFO.

Thank you for yesterday - we really felt that the presentation got the message across and found the dashboard set things out clearly. We’re working through the detail in the report and are excited that we have a clear set of actions to get us compliant.