Wilson James is a leading security, construction logistics and aviation services provider with more than 5000 employees. Wilson James deliver solutions to clients operating across the aviation, construction, corporate, energy, manufacturing and technology industries.

The Challenge

Having undergone a period of unprecedented growth, Wilson James were looking to introduce additional due diligence and governance measures to support future business needs.

Like many entrepreneurial organisations, their IT solutions have evolved reactively using the most appropriate and cost-effective services available at the time. Consequently, some of the documentation, controls, processes, and procedures which would be considered best practice are lacking. There is a relatively high degree of dependency on the individuals who have built, and now maintain and manage, these resources and services.

This is now more significant considering the new GDPR legislation which requires all organisations to be more proactive and accountable for implementing data policies and procedures to be legally compliant.

We were appointed as independent advisers to undertake a workshop and consequently identify current vulnerabilities and risks within the organisation relating to GDPR. This workshop exposed several issues, some of which required immediate attention.

The Solution

We nominated two of our senior consultants, supported by our senior team, to undertake a workshop with Wilson James’ CIO to understand the current IT landscape and the potential impact of GDPR. This input was used to identify key risks and deficiencies, resulting in a high-level report which can be used by the Board to produce an action plan. The activities carried out by our team included the following…

1. An end-to-end compliance programme, from initial IT security and data compliance audit through to user training and awareness.
2. Developed a project plan, in collaboration with the HR, IT, and Marketing teams, for analysis to understand the current processes, gaps and day-to-day operational issues.
3. Engaged system owners to complete a risk assessment and legitimate interest assessment on the core, high-risk systems.
4. Developed a robust governance structure along with standards, tools & templates.
5. Implemented a full GDPR policy and procedure suite including subject access requests, data breach notifications, emergency response plans, records of processing activities, consent management, privacy notices and model data processor clauses.
6. Ran a major awareness and communications campaign across the organisation: on-site training for employees; senior team sessions on operationally securing their areas following GDPR principles; creation of postcards and posters for offices.
7. Conducted a re-audit to assess change and identify further actions required.

The Results

A full compliance programme was run across the organisation, securing an uplift in compliance across all GDPR articles, from 23% to 70%.

Leading Resolutions helped us navigate through the minefield that is GDPR, bringing a focus on accountability, transparency and risk to ensure we were appropriately prepared and sufficiently protected with pragmatic and compliant policies and processes.

CIO, Wilson James