
Background:
A large luxury hotel chain, handling requests from customers across the Caribbean, the United States, Canada and Latin America, recently contacted Securys for support. Their need was twofold. Firstly, the organisation tasked Securys with assessing its operating practices and developing a remediation programme to bring the entity into compliance with the Data Protection Act. Secondly, the organisation needed to establish delivery of the Data Protection Officer service.
Our approach:
In order to identify compliance gaps and divergence from best practice, Securys began by conducting an extensive review of existing data privacy related documentation such as policies and procedures, website privacy and cookies consent notices, forms used to gather customer data, and any documented processing practices.
The use of a questionnaire and an interview-driven data mapping exercise enabled the team to compile a comprehensive Data Catalogue and Record of Processing Activities (RoPA), as well as a supplier catalogue.
Securys also handled the compilation of required regulatory documentation including registration preparation, Data Protection Impact Assessment, Legitimate Interest Assessments, and Transfer Impact Assessments.
Given the organisation’s use of multiple third-party vendors, the engagement also included a review of suppliers on a risk-prioritised basis to ensure that supplier and customer contracts going forward incorporate the appropriate data protection provisions.
Focus then shifted to the drafting and publication of an internal privacy policy as well as public and employee privacy notices, together with recommendations for improvement to internal processes. This provided alignment with the requirements of the Data Protection Act and paid particular attention to data retention, data minimisation and access control.
Results:
The Securys project team worked collaboratively with key stakeholders to build an understanding of privacy risks, developed a detailed plan to address the identified risks with specified deliverables, and then executed against that plan. The tangible outcome of this engagement is a privacy programme that is compliant with the Data Protection Act including policies, procedures and other programme artefacts in place to demonstrate compliance.