Wave Leisure Trust Ltd is a charity and social Enterprise running 10 leisure centres across the South of England with a purpose of inspiring active lifestyles and a vision to be at the heart of the improvement of health and wellbeing within the Community.
- To ensure Wave is compliant with GDPR well before 25th May 2018
- A data protection officer will continue to work a few days a month after April 2018
- All data-handling practices have been reviewed, such as the nature of the data recorded on member and staff databases
From May 25th 2018, organisations will be obliged to comply with the General Data Protection Regulation (GDPR). There is now a risk of more severe financial penalties for data breaches than the existing Data Protection Act.
Eastside Primetimers were already working with Wave on impact assessment, when GDPR was identified as an additional need. Wave wished to ensure compliance and ensure their members and employees are protected under the new regulation, and avoid a potentially crippling fine for a data breach. Wave’s transition to compliance required assistance from an independent outsider with a critical eye and a comprehensive knowledge of GDPR.
With expertise and experience in this area, Eastside Primetimers consultant Michael Griffin has guided Wave’s progression to GDPR compliance in several steps:
- An audit was conducted to examine Wave’s current processes and procedures with regard to data protection
- In doing so, this process also beneficially highlighted possible areas for improvement not necessarily related to GDPR, and these findings will be used to make the organisation more efficient for the future
- A detailed project plan outlined procedures for a swift transition to GDPR compliance
- Regular meetings are being run to ensure measures are being implemented effectively. This project aims to finish at the end of March/April 2018, well before GDPR becomes enforceable
- The need for a data protection officer was identified