• How healthy is your data retention and data privacy program?

    The stakes have never been higher for companies to demonstrate to Executive boards and regulatory authorities alike that they have effectively designed, implemented and maintained Data Management practices that comply with specific Regional Data Protection and Data Privacy legislation in the territories where they collect and use consumer data.

    Download BrochureRequest a demo


With the emergence in the last twenty years of the internet, mobile devices and the exponential growth in data complexity, veracity and volume outdated legislation governing the protection and privacy of consumers personal data devised in the infancy of the internet and pre dating mobile devices and big data is being dramatically updated across the globe to help improve the rights of individuals in a modern digital mobile age.

New and pending legislation is now forcing companies to take data management and its impact on the protection and privacy of an individual’s data increasingly seriously, with data borders no longer confined to geographical locations and with potential fines increasing dramatically companies can no longer ignore or plead ignorance to failures in the way they collect data and manage its risk.

Increasing power means that regulators can enforce companies to show how they are complying with legislation and to demonstrate that they have the mechanics in place and demonstrate the systems that they have to achieve compliance. Failure to meet obligations can now result in significant fines totalling potentially millions of dollars with immeasurable levels of reputation damage caused by control failure.

It is becoming a standard cost of business for companies to demonstrate to their Executive boards and regulatory authorities alike that they have effectively designed, implemented and maintained Data Risk Management practices and controls that comply with specific Data Protection and Data Privacy legislation in the territories where they collect and use consumer data.

An independent data risk management review process can be a time consuming and expensive exercise and often fails to deliver clear insights into compliance gaps or provide actionable business intelligence needed to make necessary improvements to your Data Risk Management practices.

Regulated entities need to have a robust framework for regularly monitoring the effectiveness of their Data Risk Management practices to assess whether they have implemented controls that are fit for purpose and are operating effectively.

What is the Data Risk Management Health Check?

The Data Risk Management Health Check solution is an online platform dedicated to controls assurance and provides a structured framework for conducting independent reviews to assess the design and operational effectiveness of your Data Risk Management practices in meeting your organisations obligations to the Data Protection and Data Privacy legislation in any geography or jurisdiction in which you collects and uses consumer data.

After the assessment has been completed for each compliance obligation users can create executive summary reports directly from the platform, highlighting the key observations, findings and recommendations, as well as, actions, issues and risks identified during the review process. The Data Risk Management Health Check will be your Chief Data Officer, Data Compliance Officer and Data Stewards key tool in ensuring your and their personal liabilities for data risk.

The Data Risk Management Health Check platform also contains rich data analytics that provide actionable business intelligence including; real-time operational dashboards for tracking open and outstanding actions, issues and risks; interactive reports which can slice and dice audit data in many ways including, drilling into particular areas of interest, as well as, benchmarking audit outcomes across different timeframes, data owners and stewards, divisions and countries, it can even summarise on a single page the compliance status across hundreds of compliance obligations.

How it works – get started in 4 easy steps

Select Jurisdiction

Select the Data Jurisdiction or Data Legislation (e.g. GDPR, BCBS239, CPG235) you want to check compliance with, this loads the appropriate assessment template, based on the Data Protection and Data Privacy obligations of that jurisdiction.

Conduct Assessment

Assess compliance with Data Protection and Data Privacy obligations and perform control test assurance to determine whether your Data Risk program as designed, is fit for purpose, has been implemented and is operating effectively.

Generate Report(s)

Create and publish an executive summary report outlining the key observations, recommendations, findings and highlight any compliance gaps and control weaknesses you need to address and calling out actions, issues and risks.

Analyse Outputs

Leverage our in built analytics to interrogate every aspect of the compliance assessment, benchmark audits over time, against each other and across data owners, stewards, operating groups, business units, functions and countries.

Helping you meet your compliance challenges

The management of data across your enterprise will typically follow some form or blend of data industry recognised framework (e.g. DMBOK, CMMI, DCAM) each of which has specifically been created to help you ensure that you have covered all the specific data related disciplines needed for competent data management (e.g. Data Architecture, Master and Reference Data Management and Data Lineage.)

Ensuring the practices you have implemented enable you to meet all of your legislative and prudential obligations for appropriately managing data and its risk is an entirely different challenge and one that has not traditionally been inherent in industry frameworks because of the previous lack of regulatory attention.

Data risk management is a uniquely challenging space that requires your operational risk, compliance and internal audit teams to understand data management and data risk and your data owners and stewards to consider risk and controls around data, both aspects being typically unfamiliar and challenging to the normal day to day of both functions. The Data Risk Management Health Check is designed to support both sides of this challenge, helping risk and compliance teams more easily get to grips with data and data management practices and data managers to get to grips with risk and control management.

Data management practices themselves are not targeted to specific legislative or prudential obligations and will need to be tested to ensure compliance usually to one or more obligation. For example testing data lineage should help you identify whether you have potential gaps in your compliance to GDPR (General Data Protection Regulation (Regulation (EU) 2016/679) and whether the classification of your Financial Assets are correct in line with IFRS9 (Financial Instruments) obligations.

The Data Risk Management Health check is itself designed to allow you to test specific, data disciplines, controls, processes and technologies against multiple regulatory obligations to give you a true and complete view of your real data risk.

The Data Risk Management Health Check is your Chief Data Officers new best friend in supporting all aspects of your organisations embed effect Data Risk Management.

  • Being prepared for data security breaches

    Ensuring that you have put in place clear policies and procedures that ensure that you can react quickly to any data breach and notify in accordance with the obligations of the relevant jurisdictions legislation.

  • Embracing privacy by design

    Ensure that steps to ensure adherence to privacy obligations are embedded into any new data processing or product deployment. Ensuring that appropriate consideration is given early in any process to enable a appropriate assessment and systematic and periodic validation of data used by the process or product.

  • Clarity of policies and notifications

    Defining and reviewing your data policies, standards and notifications are written in clear and plain language and are transparent and easily accessible.

  • Manage obligations as a processor of data

    If you are a supplier of data and data services to other organisations you must adequately consider your obligations as a processor of data. You will need to understand and build into your policies, procedures and contracts appropriate controls to ensure you remain compliant with your customers jurisdictions data protection and privacy obligations. Self assessment must ensure your contractual documentation is always up to date and adequate and clearly defines your respective responsibilities including who will bear the cost of making changes to the services as a result of the amendments to laws or regulations.

  • Establishing a framework for accountability

    Helping you to ensure that the policies, procedures and culture of monitoring, reviewing and assessing your data management practices with the specific aim of minimising data processing and retention whilst building in appropriate safeguards. Ensuring your staff are and remain trained to understand their obligations. Implementing easily auditable data protection and privacy impact assessments will also need to be conducted to review any risky processing activities and steps taken to address specific concerns.

  • Ensuring the legal use of personal data

    Ensuring that you always adequately consider what data processing you are undertaking and ensuring any processing is not overridden by the interests of the person providing the data. Ensuring you have either documentary evidence of the data subjects informed consent, given freely for the specific purpose and not subsequently withdrawn or you can prove that you have a legitimate interest in processing that data.

  • Ability to comply with an individuals data rights

    Within certain jurisdictions individuals can exercise rights that include data portability and the right to erasure. You data management processes must ensure that you are able to meet the demands of these individuals where you store their personal data and your policies and processes must be robust enough to prove that you have legitimate grounds for its retention that override their individual interests.

  • Manage obligations across borders

    Regional Data Protection and Data Privacy are now predominantly data not geographically focused which means though your business may physically reside outside of a particular geography if you manage data of customers within that geography you must comply with that regions Data Protection and Data Privacy legislation. If you transfer data internationally, even intra-business, your data management policies and processes must enable you to demonstrate that you have a legitimate basis for transferring personal data across jurisdictions, including those that are not recognised as having adequate data protection regulation. Failure to adhere to cross border obligations could result in significant fines for your organisation.

Video Tutorials

Deployment Options


Our solutions can be white-labelled (your content, your branding), installed and run on your organisation’s hardware, behind your own firewall and fully supported by your own organisation’s IT support staff which provides control over how the software is used and maintained and provides peace of mind to organisation’s who may not entrust compliance data hosted outside their premises.

Our IT team can provide support to your organisation’s own IT staff to help get you up and running.

Private Cloud

Our solutions are also available to be deployed off-premise as a ‘software-as-a-service’ (SaaS) offering which can be deployed to any private cloud hosting provider of your choice, for example, Amazon Web Services, IBM Softlayer

Private cloud hosting could provide peace-of-mind that trusted cloud-providers that your organisation may already be using to host other software applications, can be extended to new software applications.

Shared Cloud

Our solutions can also be deployed in the cloud using our preferred cloud-solution provider, Microsoft Azure, which is trusted by over 90% of Fortune 500 companies.

Microsoft has the highest standards of security, privacy, transparency and compliance to ensure your data is securely hosted in an in-country data centre, which can dramatically reduce your ongoing support costs in terms of staffing, hardware and software acquisition, ongoing maintenance and power consumption.


  • This field is for validation purposes and should be left unchanged.