Following on from our graduate training, a few months ago a team of us spent six weeks on a pro-bono project at a leading UK-based charity. The Prince’s Trust is a youth charity that helps young people get into jobs, education and training. The team had the pleasure of working with some inspiring people on some extremely interesting and diverse projects.
With the impending General Data Protection Regulations (GDPR) coming into force in May 2018 the necessity for The Prince’s Trust to refine their data processes and incorporate GDPR considerations into their CRM was immediate.
The implementation of GDPR has particular relevance to this charity as it collects both general personal information as well as sensitive personal data.
Therefore, the challenge was to define and prioritise GDPR requirements for a new release of their CRM system.
How we navigated the obstacle
Clarasys Agile Method (CAM) slicing: we took the highest priority GDPR considerations for the CRM system and outlined required changes to the system. We did so by taking the priority end-to-end so as to ensure that the Trust was able to tackle it in its entirety, before moving on to lower priority considerations.
Mapping the as-is process: this was achieved by completing interviews and demos with stakeholders across the organisation. We focused on gaining continual feedback and collaboration from the stakeholders to develop the processes throughout.
Identifying and categorising data inputs/outputs: with consideration of the new regulations, we defined all the data inputs/outputs in the processes. Thereafter we categorised these data inputs/outputs in terms of the sensitivity of their data and the likelihood of required changes.
Writing processes for external data requests: with the new request rights of the individual in mind, we utilised the current processes at The Prince’s Trust to construct new processes specifically designed to handle data requests. These underwent multiple validation and feedback sessions, and were duly communicated and explained to the relevant stakeholders to inform them of their roles.
Requirements gathering: following on from the process and data analysis, we defined and iterated upon CRM system requirements. Numerous feedback sessions helped to refine and add detailed criteria to the requirements.
Next steps plan: we were able to construct a roadmap for GDPR considerations for the CRM system. We recommended activities and ways of working to tackle future GDPR concerns, whilst providing a pragmatic approach for the coming months.
We provided a structured and collaborative approach towards tackling GDPR concerns.
The materials produced will give the charity a framework that will inform their future approach towards tackling GDPR regulations and personal data considerations.
The benefits of the collaborative and iterative ways of working that were employed in the project were clear, with improved communication across workstreams proving vital to the progress of the project, and the charity will be looking to adopt similar practices in future.
From a Clarasys perspective, the project represented a fantastic experience to work in a welcoming and inspiring environment. The charity was extremely accommodating and the opportunity to work with such motivated individuals was much appreciated.
Clarasys is looking forward to continuing its relationship with the charity and supporting its fundamental goal of helping disadvantaged young people.
For more information, please contact us on +44 203 131 5285.