Tiege was contacted by a client to establish a GDPR implementation process, ensuring compliance with UK and EU data compliance regulations (EU GDPR).

Before our involvement, personal data of parishioners’ personal details, such as mobile telephone numbers, bank/payment details, photographs etc were stored on a manual database. The major challenge with the manual system was the lack of data security, ineffective processing of data and missing out on the advantages of technology in data security and storage. The timescales to deliver the project was 6 weeks. Due to the time and cost constraints within this project, we got to work immediately recommending that the client speed up data entry, secure data using a password  and make quick modifications resulting in a more effective data processing system. We also introduced a laptop/computer system and trained staff in the use of MS Office. We advised the board about data protection risks and the benefits of GDPR compliance and designated a data protection officer to manage data security. After a thorough understanding of the kinds of data processed by the client, we conducted a risk assessment and detailed gap analysis. We then established policies and controls to detect, report and investigate personal data breaches and trained staff to understand the importance of data protection and the procedures which had been implemented to ensure compliance. The benefits included more efficient handling of personal data, establishment of policies to ensure GDPR compliance, training of staff, and transparency in the use of client data.