Case studies

The tender

A client was asked in a tender document for a data protection policy statement.

Based on the company’s data protection compliance activity, we were able to adopt a positive position in the tender response. We included the company policy on data protection approved by the board and a robust statement about the compliance and information security audit activity we undertook to ensure that the company continued to meet its stated policy. We won the tender, it was a £1 million contract.

The bureau

A bureau which traced consumers on behalf of banks and other large institutions wanted to offer its tracing services direct to consumers but was prevented by the fact that it had only processed consumer data on behalf of others so it had no authority to process the personal data for its own purposes.

By requiring consumers to register to access the third parties trying to locate them (the banks etc) the bureau repositioned itself as the organisation in control of personal information. This meant that it could process the information for its own purposes as well as on behalf of its principals.