Splash Worldwide Media Ltd

Splash are a global marketing and creative production company. They were concerned that their understanding of GDPR was lacking, that they did not properly understand the scope of the data they had and what they used it for and that as a result they faced the risk of fines and repetitional damage.

I was engaged by Splash to conduct a review of their position with regard to GDPR and provide advice and guidance on the actions required to bring them into compliance with the regulations.

I conducted a number of workshops to produce a data map and data flow diagrams to establish and document the personal data they held, how they obtained it, why they held it, what they do with it and the legal basis on which they do so, in line with the requirements of GDPR. There was a particular focus on the use of personal data for marketing both under GDPR and PECR.

This was followed by a health check report on their internal processes and controls to identify areas of good practice and those where work was needed to bring them into compliance with GDPR. This included drafting policy and process documentation for them to adopt within the business to ensure that the rights of Data Subjects were clearly documented and processes in place to support them.

The results of the work with Splash enabled them to demonstrate that they had a clear understanding of the data they held, the reasons they held it and what they used it for. It put them in a position where they would be able to properly respond to an enquiry from the ICO and have processes in place to meet their obligations under the regulations.