The challenge
GDPR compliance requirements exposed manual, fragmented processes at Vanquis:
- No unified repository of data-processing records.
- No automated workflows for data access or deletion requests.
- No centralized visibility into the third parties handling data.
- Difficulty meeting regulatory requirements and managing legal risk.
The solution
Vanquis implemented OneTrust with four key modules, in a project led by its Data Protection Analyst together with the CISO and the compliance team:
- Data Mapping — track personal data across the organization.
- Assessment Automation — automate privacy impact assessments.
- Data Subject Rights Automation — streamline data subject requests.
- Third-Party Risk Management — monitor the vendors handling data.
Results
- Automated, auditable reporting that improves efficiency.
- Full traceability of personal data (customers, employees and vendors).
- Efficient management of data subject rights with clear workflows.
- Centralized impact assessments that reduce risk and inconsistency.
OneTrust was selected for its business focus, intuitive design, adaptability and enterprise-wide auditable transparency.