Xcina Case Study

GDPR Gap Analysis and Remediation for International Bank

The client

The UK subsidiary of a major African bank, providing cross-border trade and investment services to institutions, corporates and individuals, and acting as the connecting hub between the parent firm and its partners.

The work

With the end of May 2018 set as the deadline for GDPR compliance, the bank’s executive management wanted to determine their precise compliance position with regard to the updated regulation, and then define and execute a remediation plan to ensure they achieved a state of readiness before the deadline.

How we helped

Our experienced Data Protection practitioner assessed the bank against the full scope (99 articles) of GDPR and established its degree of compliance against each. In a formal report to management, we identified where gaps existed and made detailed, client-specific recommendations for closing them. Our consultant then worked with the bank’s Chief Technology Officer and their Programme Management Office to establish a formal remediation project. Ongoing subject-matter expertise was also provided to enable successful delivery of the remediation activities.

Value added

Our subject-matter expertise and input allowed management to take an efficient, risk-based approach to delivering remediation activities, achieving a position of readiness in advance of the deadline and establishing a robust, defensible position in respect of the bank’s GDPR compliance programme. We were also able to provide direct input to the formulation of new policies and procedures to ensure alignment with industry good practice. In this way the bank was able to achieve a sustainable compliance framework that can be matured, rather than a tactical “point-in-time” solution.

Industry and sector:

Financial Services

Solutions and service area:

What our clients say

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do."

Getac Technology Corp, Legal Affairs Center

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do."

ParkMobileUK, Managing Director

"Xcina Consulting performed an annual review of our card data environment, and ensured that we are compliant with the PCI-DSS. We continue to work with their experienced QSAs, leveraging their guidance and best practices so we have the highest possible level of security controls in place."

DKB Brands, Data Protection Officer

"Xcina really helped us to kick start our data protection compliance process. They took the time to speak to all departments of the business and outlined our highest risk to lowest risk areas. The insight and guidance they provided was essential for our business to become GDPR compliant."

Portman Settled Estates Limited, Estate Secretary

"Xcina’s ongoing support has ensured that our employees feel confident when dealing with data protection matters, with best practice knowledge and expertise from consultants who have taken the time to get to know our business and our industry."

National Bank of Kuwait, Compliance Officer

"Xcina worked with us on a number of data protection matters, including subject access requests and gave helpful, practical advice which reflected their understanding of technology issues as well as legal matters."

Your World Recruitment, Group IT Director

"We have worked with Xcina successfully for two years, initially on internal GDPR GAP analysis. We now have them engaged as our ‘Virtual DPO’ provider and regularly receive useful, pragmatic and, more importantly, actionable advice on all areas of Data Protection."

Quadrangle Research, Group Chief Operating Officer
