CASE STUDY

South Somerset District Council

Providing strategic improvement for GDPR compliance

Overview

i3Secure began supporting South Somerset District Council (SSDC) in 2020, providing Data Protection as a Service consultancy, following successful selection as their preferred supplier. Over the course of 12-15 months, our expert Data Protection Officer improved their compliance posture and became an extended member of the team, adding value and knowledge within a short space of time.

 

The Challenge

The Council required support with UK GDPR compliance and was suffering from internal resource challenges. SSDC found the option to outsource Data Protection to i3Secure cost-effective when compared to recruiting a suitably qualified and experienced Data Protection Officer (DPO) recognising that it takes around 8 months to be fully effective and embedded into an organisation compared to a consultant who can hit the ground running immediately. 

The task was firstly, to assess the level of compliance at the Council by conducting a UK GDPR gap analysis. Following this, SSDC required a compliance strategy and roadmap.

Our Solution

Straight away, our DPO conducted a Data Protection compliance gap analysis and produced a management report with key findings and recommendations. 

Following a collaborative approach with their in-house teams, a Data Protection Compliance roadmap and strategy was produced for the Council. Once the documents had been approved by stakeholders our DPO took a hands-on approach to improving processes around FOI & Data Subject Rights handling, incident management and policy creation to name just a few. 

Over the course of the next 12 months the DPO made inroads into the areas earmarked for improvement whilst assisting with BaU activities such as DPIAs, DSARs, Incidents, FOIs and ICO Investigations

All of this was done on a remote basis over a period of 12 -15 months.

 

The Result

The Council’s compliance posture had significantly improved over the course of the contract and our DPO had become an extended member of the SSDC team. At the end of the initial contract term, i3Secure was asked to continue to support the Council for an additional few months until long-term plans to merge with a neighbouring Council had come to fruition, signalling a successful engagement for i3Secure.

At a Glance

  • Compliance strategy and roadmap created 
  • Gap analysis conducted and management report created for stakeholders
  • Assisted with DPIAs, DSARs, Incidents, FOIs and ICO Investigations
  • 12 – 15 month project 

 

‘i3Secure were appointed to meet our DPO responsibilities during a challenging period of transition for the authority, and within a very short period of time gained excellent credibility  within the organisation and became a trusted partner to the management team. Whether resolving immediate tactical challenges or helping us develop a strategic improvement roadmap around our information Governance, the approach was always customer focussed and highly professional. We are appreciative of the service provided through some challenging times.’

Lead Specialist People Performance and Change – South Somerset

Looking for Data Protection Consultancy?

We help navigate the legal and regulatory complexities of data protection regulations, enabling businesses to achieve their goals while ensuring legal and regulatory compliance is maintained.

 

Find out more