Our Journey through GDPR compliance:
Five years back, a chance conversation with our Chief Growth Officer over a post-match drink in our local cricket club resulted in me being hired to manage the finance function in Monsoon Consulting on a part-time, one-day-a-week basis. A South African Chartered Accountant, my background is in financial management and in particular the development and improvement of SME finance processes and Monsoon and I were a perfect match in that regard.
It quickly became clear that, thanks to the significant recent growth in our business, a full-time head of the finance and administration department was a necessity – and I jumped at the chance to join the team 24/7 back in February. And by extension, I jumped straight into the General Data Protection Regulation (‘GDPR’) process.
Having overcome the initial reservations and anxiety that which I am assured by anyone I have spoken to around the process is entirely natural, we formed a GDPR task team and got to work.
At Monsoon we have always prided ourselves at achieving excellent standards in Data Protection. GDPR has after all been law in some form or other for decades already.
The main question was – what, if anything, can we be doing better and how can we leverage GDPR to elevate an already professional organisation to the next level and thereby enhance our efficiencies?
The starting point was to ensure that we understood exactly what obligations GDPR put on our organisation. From the beginning it was clear that we were compliant in the areas of data security, breach management, access requests etc. What we needed to know was how good were we at documenting our policies and processes and did our staff and other stakeholders fully understand their roles and responsibilities in this regard?
Having engaged an external consultant to hold our hand through the process, we got stuck in! There were numerous debates (some heated), countless meetings and lots of caffeine but the results have been worth all of the effort. Huge credit has to go to our Infra-head Phil Franks as well as Kevin Gough, our Services Delivery Manager and Elaine Munnelly, our Support Lead. their diligence under the guidance of our CEO, Bharat Sharma was invaluable to the success of the project.
What’s new is, inter-alia:
enhanced Privacy and Cookies Policies, both available on our website;
improved communication with staff via presentations and publication of policy and procedure documentation;
Improved internal office and logistic processes and structures around physical and electronic storage of documentation, email policies etc, all of which is designed to ensure that we are held to the highest standards as a data controller;
formalisation of our (and our client’s) understanding of the relationship between us as a data processor and our clients as data controllers; and
the appointment of a single person who has overall responsibility for Data Protection and GDPR compliance.
What’s not new is our ongoing commitment to ensuring the privacy and security of information provided to us and ensuring that the provider has full control over that data.
The privacy and security of data is enormously important to Monsoon and always will be. But we made a decision early on in our GDPR journey that we were always going to be about more than compliance. Monsoon has also adopted the spirit of the GDPR regulations and are striving to achieve data protection by design. But most exciting of all, GDPR is also our springboard onto the journey towards ISO 9001 acquisition – an adventure which commences on Friday.