RSM Australia

GDPR Case study - Charity

RSM firm: UK
RSM contact: Steven Snaith

Bringing RSM’s ideas and insight – the work we carried out

We delivered a GDPR controls gap analysis for this organisation with a remit that included the following:

  • data protection strategy and planning
  • data protection policies and procedures
  • raising of data protection issues for consideration by the senior management team
  • data protection staff awareness
  • information risk register framework
  • allocation and designation of data owners
  • co-ordination of data protection responsibilities
  • data breach incident response planning
  • data breach investigations
  • data protection training (guidance and delivery)
  • data protection impact assessments
  • data protection audit requirements
  • information governance activity coordination
  • data retention processes
  • data consent capture mechanisms
  • data security controls
  • data protection board reporting
  • fair notice requirements

The output of this review was a detailed report setting out gaps in procedures that needed to be addressed to assist the organisation in meeting GDPR requirements.

Understanding our client – the benefits

GDPR case study - charity

The remediation plan and supporting advice provided by RSM has led to an improved control framework that more closely aligns with GDPR requirements.

Moreover, an initial focus on data mapping identified a number of repositories of personal identifiable data that were not sufficiently protected. The implementation of the corresponding recommendation led to the related risk of a data breach being reduced.

More GDPR case studies >>