Business process review for GDPR

A large national charity asked us to review their GDPR arrangements for a major event that they run each year. The initiative was key to its business, making a big contribution to helping homeless people and rough sleepers. It also represented a significant income stream and helped raise awareness about the charity’s work. It involved thousands of volunteers working across multiple sites.

Our review focused upon the business processes for the area and on how the personal data is used, sourced, created or shared in its delivery and management. Our outputs combined traditional reporting methods with visual and colourful process maps, so that improvements could be quickly identified. This helped engage the senior managers of the charity and helped it ensure that it could meet its GDPR requirements. Specifically, we delivered: detailed maps of ‘data journeys’; updated and improved activity records that were GDPR compliant; and, a comprehensive risk register for the event.