Health
Healthcare Services Provider
Data Protection Act gap analysis to highlight areas of non-compliance and recommended actions to enable alignment with best practice.
Related Pages
Outsourcing Specialist
The Client
A provider of specialist services to a number of well-known organisations.
The Challenge
Given that they process personal data on behalf of their client’s customers, our client determined the need to conduct an audit and sense check of the processing to provide senior management with the assurance that it was in line with the requirements of the UK’s Data Protection Act and related good practice.
The client did not have the required specialist knowledge internally, so called upon Teed to undertake this important audit as they recognised that Teed, who were already supporting them in relation to business continuity and disaster recovery, had the necessary real world experience of, and expertise in, data protection.
The Solution
Senior managers, managers and relevant specialists from across the organisation were interviewed using a standard questionnaire developed to provide consistency and focus. Consideration was given to how data was handled from the point of initial collection from the company’s clients through to its eventual destruction. A documentation review was then undertaken, involving all documents which related to the processing of personal data, including forms, files, reports, training material, voice scripts for phone calls etc. to determine the current level of compliance with the UK’s Data Protection Act and related good practice.
Once the interviews were concluded the information gathered was then analysed and collated. A report was then produced highlighting any areas of concern and recommendations arising and an action plan was developed with management. That action plan, which included the development and launch of policies for data protection and data retention plus updates to training material and existing documentation was then progressed and monitored to completion by the senior team.
The Result
Following this audit, senior management were confident that the personal data being processed on behalf of their clients was being processed appropriately and securely.