In 2019 Drax announced a world-leading ambition to be carbon negative by 2030, using Bioenergy with Carbon Capture and Storage (BECCS) technology. Their employees operate across three principal areas of activity – electricity generation, electricity sales to business customers and compressed wood pellet production and supply to third parties. They own and operate a portfolio of renewable electricity generation assets in England and Scotland, including the UK’s largest power station in Selby, North Yorkshire, which supplies five percent of the country’s electricity needs; and Drax also owns and has interests in pellet mills in the US South and Western Canada. Employing 3,400 people in the UK, North America and Canada, and supporting about 200k customers, Drax takes responsibility for protecting their personal data at every stage of processing and storage.
Providing a high standard of data protection is key to Drax’s approach to privacy, and they were working towards GDPR compliance since well before the legal requirement was introduced in 2018.
Drax’s privacy team have clear goals for what they need from a technology solution: they need to know what data they have, where it is stored, who has the right to access, and what to do in response to an incident. They needed a tool that could support a large volume of requests and assessments, as well as technology that could support cross-team collaboration, particularly with their Information Security colleagues who play an important role in incident management. To support these needs, they chose to implement a range of OneTrust modules, including Assessment Automation, Data Mapping, Data Subject Requests, Vendor Risk Management, Incident Response, Cookie Compliance, and Awareness Training.