The client
The Rhodes Trust is an internationally renowned scholarship provider for post-graduate studies, based at the University of Oxford since 1903, making the Rhodes Scholarship programme the oldest international graduate scheme in the world. Rhodes aims to bring together and develop young people from all over the world, across a variety of fields of study.
The large geographical footprint of The Rhodes Trust is in itself a large challenge in respect of data protection compliance. Rhodes is currently undergoing significant redevelopment, transforming Rhodes House into a leading convening centre, and home for the Trust and its partners, in order to support the core mission. This transformative period has provided opportunity for Rhodes to further analyse the current tech infrastructure, and therefore the consideration for data protection compliance.
What did they need?
The Rhodes Trust approached Data Privacy Advisory Service looking for an external consultancy to provide an impartial data protection and information security audit, and board level report. The Trust wanted support to help identify and address any vulnerabilities or weaknesses in their data protection practices, and advise on any current risks post-audit to help them continue to maintain a good level of compliance. The Trust puts their scholars at the heart of everything they do, and they want to continue to build on these relationships by demonstrating that they adhere to current data protection laws and regulations, such as the GDPR.
How did we help?
Working with the Trust, DPAS independently assessed their compliance with the legislation beyond what was previously understood, and in line with revised law and guidance. As an independent auditor, DPAS was able to deliver an impartial data protection audit, providing an assessment of any compliance gaps the client had and offering independent advice on how to resolve them. Since the audit was completed entirely offsite, DPAS minimised disruption to the client’s organisation and the partnerships.
The audit helped raise awareness of data protection and the importance of compliance with all the key stakeholders. Our client was also able to use the detailed reports that DPAS developed within board and trustees meetings to demonstrate the organisation’s commitment to data protection and information security. In addition, the client was able to build a business case for funding using the report, to procure a privacy management system to further contribute to their ongoing commitment to data protection compliance.
What the client had to say:
“We were looking for an independent review and audit of our data processing activities and policies across the Rhodes Trust and our partner programmes. When we went to the market DPAS impressed us with the breadth and depth of the services they offered. We are a relatively complex organisation, the DPAS team quickly understood how our work fits together, and throughout the audit process I’ve appreciated the expertise of each member of the team that we’ve worked with. Their advice throughout has been reassuringly thorough, pragmatic, and tailored to our needs.”
M. Treavis – Head of Information Security
