Context 

The General Data Protection Regulation (GDPR) became legally effective from 25 May 2018 in all EU member states with equivalent legislation in Guernsey. Through a GDPR Regulation Programme managed by CBO, First Central Group (FCG) sought to support all Group companies to comply with the legislation before it came into force, and to put appropriate measures in place to ensure ongoing compliance beyond project close. 

CBO’s Approach 

CBO’s objectives were to ensure that: 

• governance arrangements were put in place so that Group companies are compliant with the GDPR; 
• processes and technology were amended so that customer data can be managed in line with GDPR legislation; 
• supplier management was enhanced so that third parties using or storing FCG’s customer data do so in line with the legislation; 
• the Group’s HR IT systems and practices were developed to enable the management of employee data in line with the legislation; and 
• ongoing compliance was assured following completion of the project. 

 CBO’s Impact 

Across the Group, staff are aware of the requirements of GDPR and the organisation is compliant with the legislation, as are all suppliers using or storing customer data. These measures protect the company from the financial and reputational risks of non-compliance.  

“CBO was an excellent choice of partner in this project, ensuring FCG was able to deliver and complete on time and within budget. Working alongside our own Subject Matter Experts, CBO demonstrated their detailed understanding of the legislative changes and new requirements for our business, ensuring that each work stream understood their own objectives and deliverables ahead of the 25th May target. Any project issues were considered and addressed promptly, and any open risks were recognised and transitioned to Business as Usual after the programme closed down. All in all, this programme was used as an excellent example by FCG internally as to how such programmes should be run!”  Mike Leonard, Chair of FCG