What do you do? Describe your company.
SYHA are a not for profit housing association. We provide social housing for our general need’s customers in over 6000 properties. We also have a care and support strand to our business, Live Well. Within Live Well there are various schemes, helping people with Mental Health Issues, Extra care schemes for customers 55+, Homelessness, helping people back into work, collaboration with outside agencies including DWP and the NHS.
What was your problem, and what challenges prevented you from easily solving the problem?
With the introduction of GDPR in May 2018 , one of the main requirements was to know what data we held, why we collected , where is was shared , data retention etc. We had no way of recording or collecting this information other than manually or on spreadsheets which we didn’t want to do. We wanted to create an effective data asset register that would be easily available for all staff to access and update.
How did you find out about our solution? Did you consider other providers? What criteria did you use to select BPA and Microsoft?
We came across BPA Solutions via LinkedIn. We’d already had a couple of demonstrations from other providers and although they ‘did the job’ we felt they were over complicated and not so user friendly. We had recently begun working with Office 365 and as this solution is built on SharePoint would sit well within our infrastructure. The GDPR app suited all our requirements for the data asset register, but also had the options to manage data incidents and assessments also.
What was the solution? How did it address your challenges?
We used a lot of standard features provided by BPA but being able to easily customize the forms was essential so that we could tailor them to our business needs. This enabled us to map all our data processing and store in one central place where staff can add or amend when needed.
We record all our data incidents and assessments within BPA including all associated documents in the linked document storage. Previously these were kept in folders on a shared drive, which was time consuming to search and find what was needed. Now everything is in one place, secure and reportable via the interactive dashboard.
How did you implement the solution? How long did it take? What new challenges did the implementation create?
Our main priority was to implement the data asset register first. The solution was implemented by our Data Protection officer with direct contact with a dedicated BPA consultant. It took around 6 months to implement and test the asset register. This was mainly due to our staff resource. The incident module was implemented and tested within 3 months.
What results did you gain from BPA Solutions – both anecdotally and measurably?
Access to a user-friendly solution with the ability to easily manage data removing the need for duplicate solutions. All our data can now be viewed in an interactive real time dashboard. As BPA was a new solution the measurables are difficult to report as we didn’t have anything to compare it to but the reduction in time spent completing paper-based processes enables staff with more time to complete other tasks and reduces manual data error. We had a GDPR review audit recently. The auditor was very happy with the asset register in particular. He found it to be easy to navigate, and could find the information required easily.
Was there anything spectacular about how easy it was to deploy, or engage employees?
The ease in which the BPA solution was installed, sitting within the Office 365 platform made it easy for users to access and request access as they were already familiar with the platform. Granting access is effortless and quick for administrators. We created a short video with instructions on how to navigate around the app resulting in minimal training requirements.