Our client provides a SaaS platform through which their customers can host virtual events. Our client asked us to review their operations from a data protection compliance perspective and update their policies and processes as necessary.
Context and Challenge
The client was well organised and easy to deal with. The director we worked with had a very good handle on the processes in place in the business and was tech savvy.
We had to work to fairly tight timescales as our client was gearing up for some significant customer events.
We also had to find a solution around the privacy notices that event attendees would receive, taking into account that the data controllers of the events were our client’s customers.
Process and Insight
As with all data compliance projects we began by creating a data map that set out what personal data our client was collecting, where it was stored, who has access to it, lawful grounds for processing etc.
All our meetings with the client were conducted through video calls.
Having created the data map we were then able to start drafting the necessary policies and privacy notices and we updated our client’s contract templates to make them data compliant.
The company had been operating for some time and some key US suppliers had not adopted privacy standards that we would have wanted to see so we liaised with them and they updated their policies or we collaborated with the client to find found work-arounds.
We provided our client with all of the policies and privacy notices that they needed.
Through our due diligence we ensured that our client’s supplier were handling international data transfers appropriately.
To make things easier for our client to do business with its customers we created a privacy notice for event attendees that the customers could use if they didn’t wish to use their own.
Our client ended up with appropriate data policies and notices in place and, six months on since adopting these new standards, there have been no difficulties with our client’s customers, many of whom are large organisations based in the UK or overseas.