FitFlop was founded in 2007 by Marcia Kilgore with the objective of creating the most comfortable shoes in the world through the perfect combination of biomechanics, comfort and fashion. With innovative footwear that is as comfortable as it is stylish, they have built up a loyal customer base, with tens of millions of pairs sold in over 66 countries.

The Challenge

The company, based in London, is principally a wholesaler selling stock to prestige stores such as Harrods and John Lewis in the UK. However, a direct retail website built around the Hybris solution has recently been developed, with ambitious plans to grow the business through digital channels and to target a younger audience.

Being a relatively young and very entrepreneurial company, the systems and processes used within FitFlop have grown organically. Consequently, weaknesses and vulnerabilities were recognised, which the management team wanted to identify and remedy.
There was also a need to comply with GDPR, which was coming into force in the near future, and so, the company had to make several changes to ensure they were GDPR compliant by the May 2018 deadline.

Leading Resolutions was engaged by FitFlop to complete a ten-day study to inform the Board on the current and potential security risks from both a cyber and internal systems perspective. The resulting report provided the Board with a prioritised ‘to do’ list to address these risks, applicable to a retail business.

The Solution

We nominated one of our senior security consultants, supported by our senior team, to undertake a 12-15-day review. Using the GDPR, PCI and ISO 27001 frameworks, a gap analysis was carried out against the current policies, technologies, processes, and documentation to identify any risks and deficiencies.

The gaps were qualified and prioritised, along with an assessment of the necessary actions.

This was completed through data gathering and interviews with employees, key partners and a high-level examination of available documentation.
The Results

Leading Resolutions produced a high-level report which was used by the Board to produce an action plan in order to become GDPR compliant. We provided ongoing assurance of the action plan and engaged to conduct a follow up audit to measure progress.

The GDPR expertise and knowledge demonstrated by Leading Resolutions was exceptional, and their success in rising to the compliancy challenge provided a quick and cost-effective way for us to gain confidence in the work we had undertaken and ensure there are no gaps in our ongoing compliance plan.
Kevin O'Brien
Global IT Director