SureCloud enables U Account to identify the personal data it stores and develop compliant processes
U Account is a leading Fintech solutions provider, launched in 2016 to provide an alternative to traditional banking for those that have been underserved by high-street banks. Based in Sheffield, South Yorkshire, they provide current accounts and other banking services that enable customers to avoid unfair fees and actively improve their financial health with an array of innovative built-in features and functionalities.
The business handles the personal data of more than 50,000 customers, including names, dates of birth, addresses, account numbers and much more, as well as the data of its employees. With enforcement of GDPR set to begin in May 2018, the company wanted to ensure that it could confidently demonstrate its commitment to data protection and privacy.
Kieran O’Shea, Head of Compliance and Data Protection Officer at U Account, explained: “Data is our number one commodity, without which our business couldn’t survive. Our customers trust us to robustly secure not just their money but also their data; making trust core to our brand proposition.”
“To this end, we have developed robust controls to secure our data. However, as a fast-growing company, with constantly evolving processes which needed documenting in a central location within the business, we recognized that we needed to be able to demonstrate that our processes across the business were compliant.
“I was also very keen to ensure that we developed effective and efficient processes for managing incidents and subject access requests, so we wanted a solution that could both benchmark our existing processes and support the development of new ones, which will allow us to demonstrate our ongoing commitment to GDPR compliance.”
The SureCloud Solution
To address this challenge, U Account wanted a solution that could link and cross-reference processing activities across all business processes. In addition, they were looking for a solution that could support both their benchmarking and ongoing compliance requirements from a single access point.
“As a business that is cloud-native it was important to us that any solution not only met our compliance requirements but was also cloud-based, without the need for thousands of spreadsheets,” explained Kieran. “We reviewed a number of solutions, including open source, custom made and off the shelf solutions, ultimately selecting SureCloud as they not only met all our requirements but enabled us to have a mature, well-established off the shelf solution with room for custom configuration.”
SureCloud’s GDPR Suite consolidates the numerous articles within the regulation into a set number of business-specific controls, providing a reliable set of processes to ensure that the standards are continually met, removing the need for organizations to develop and maintain spreadsheets to achieve compliance.
U Account selected 6 cloud-based applications to make up their GDPR Suite:
- GDPR Program Tracker
- GDPR Management
- Information Asset Management
- Compliance Management
- Risk Management (privacy variant)
- Incident Management for GDPR
Using the GDPR Application Suite, organizations across a wide range of sectors can apply the GDPR’s rules not only business-wide but also to specific departments and processes to ensure that all personal data are handled in compliance with the regulation. This, in turn, enables them to quickly assess their current compliance status against the GDPR framework, and allows them to make changes to better manage their GDPR obligations.
“The solution was exceptionally easy to deploy,” continued Kieran. “This has enabled us to develop a single source of truth for how, where, why and with whom we process personal data, providing us with a degree of confidence that we can demonstrate our compliance efforts, and we have the ability to respond to incidents and requests promptly.”
Ongoing GDPR Compliance
Using the SureCloud solution, U Account now has full visibility of the data it stores and the processes it uses for managing and handling that data. This has provided a single source of truth for GDPR compliance, enabling the business to achieve a fully accountable view of its compliance on a continual, ongoing basis.
Kieran added: “The SureCloud solution automatically notifies me of any DPIA requests, enabling me to have an ongoing awareness without having to log into the platform. Furthermore, all actions and requests are fully documented, enabling me to assign responsibility to various information asset owners within the business, as well as empowering them to manage their own data protection risks.”
“From the platform, I can track these actions and monitor progress to ensure that we are managing our GDPR compliance on a continual basis. In short, this level of visibility of data assets, processing activities and actions provided by the SureCloud platform has exceeded our expectations.”
SureCloud is a provider of cloud-based, integrated Risk Management products and Cybersecurity services, which reinvent the way you manage risk. SureCloud is underpinned by a highly configurable technology platform, which is simple, intuitive and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation, meaning you get immediate and sustained value from the outset.
About U Account
U is creating the Unbank of U, which is the UK’s first alternative to mainstream banks tailored to the specific needs of the 10-12 million UK people with impaired credit status. U today provides a fully featured smartphone-based alternative to bank current accounts.
The U account offers everything you would expect from a current account, including a free contactless debit Mastercard® card, plus some unique and revolutionary offerings that help users manage their finances.
U aims for complete transparency with its pricing and has zero hidden charges or penalty fees that could damage customers’ financial well-being. Instead, users pay for the services they choose – and it’s up to them how much.
The U proposition is underpinned by a disruptive commercial model enabled by API-based technology, allowing the company to provide a high-spec personal current account competitor from a low-cost digital footprint.