GDPR - Establishing scope of liability and compliance

Allied Commercial Holdings is a privately owned property development and financing business. As part of their business operations the have amassed a considerable amount of personal data relating to financial deals as well as a complex corporate structure with multiple overlapping trusts and businesses.

I was engaged by ACH to conduct a review of their position with regard to GDPR and provide advice and guidance on the actions required to bring them into compliance with the regulations.

Their clients position was complicated by the number of overlapping businesses and trusts within the organization and much of the work focused on unpicking these relationships and identifying where responsibility for compliance lay either with the business at a corporate level or with the directors at a personal level. This included establishing ownership of datasets, identifying the different data streams entering and leaving the business in relation to the different entities and the boundaries between them.

I helped the client to establish the scope of their liability under GDPR, the steps they needed to take in terms of managing their historical data and the separation of the data flows within the business and the different entities associated with it.