Serco

Serco transforms their privacy program with OneTrust leading the way

Hallway of architectural arches

Table of contents

Serco Plc is an FTSE 250 company and international provider of public services to governments throughout the UK & Europe. With many contracts across the region, Serco operates across the defense, justice and immigration, transport, health and citizen services sectors, making them responsible for transforming the delivery of vital services on behalf of governments and other public sector organisations.

From making patients feel comfortable while in hospital, teaching prisoners valuable life skills, ensuring trains run on time, improving road safety and maintaining essential services for government defense, Serco is making a difference for thousands of people who use its services.

Serco understands their end users have a heightened sense of vulnerability and the company holds a large amount of sensitive data, so ongoing privacy operations are essential to mitigating risk for the business, as well as its customers, vendors, and employees.

To operationalise their privacy operations, Serco’s Julie Varcoe-Cocks, Head of Ethics, Regulatory and Compliance and DPO worked to enhance their privacy program.

"We operate in a diverse number of sectors and work on many contracts, so we decided to build upon our current information governance framework to most efficiently and effectively manage our privacy operations."

 

Julie Varcoe-Cocks, Head of Ethics, Regulatory and Compliance and DPO

Focusing on a GDPR-ready privacy program

Two years before the effective date of GDPR Varcoe-Cocks developed a GDPR education proposal with senior management. She understood that GDPR was not just a compliance requirement, but crucial that business units across the company were on board with the strategy and approach to the regulation. To build upon this cross-function effort, Serco formed a data governance committee which brainstormed the various ways in which the GDPR could apply, as well as how the company could most efficiently and effectively comply.

To get started, Serco determined how to best protect customer, employee and end-user data. Serco updated their privacy policies and procedures based on their GDPR roadmap and created a project team that includes a Data Protection Champion responsible for each contract.

Teaming up with OneTrust and partners to automate privacy processes

Serco recognized an excel-based process would not be manageable given the diverse number of systems the business works within and assets that handle personal data. Serco evaluated a number of tools and selected OneTrust to assist with their privacy program. They noted OneTrust had a unique set of capabilities and tools as well as the well-defined customer base and commitment to ongoing innovation.

"We needed a straight out-of-the-box solution that we could tweak and tailor to kickstart the data inventory process. OneTrust already had an expansive customer base as well as a structured formula to scale and operationalize our privacy program."

 

Emma Green, Data Governance Specialist

The Serco Data Protection Office got to work implementing OneTrust’s Data Mapping and Inventory tool to understand their data inventory and processing activities to identify gaps and track recommendations, evidence and approvals for remediating risk.

Serco also implemented OneTrust’s Assessment Automation tool to distribute privacy-related questionnaires and improved collaboration between the Data Protection Office, business leaders and customer contract Data Protection Champions. This framework was adopted to not only improve Serco’s privacy processes, but to serve as a way to better understand risks and add value to current work we do.

They later rolled out a GDPR training for over 400 managers, business leaders and Data Protection Champions. In doing so, Serco empowered employees across the business to understand that GDPR obligations and data protection is the responsibility of the entire company. OneTrust is an integral part of the company’s privacy operations and “to date, every single Serco contract has come into contact with the OneTrust portal at some point,” said Varcoe-Cocks.

"OneTrust is becoming even more interactive as the company invests more time into product innovation and regulatory research and this combined supports our privacy management goals."

 

Julie Varcoe-Cocks, Head of Ethics, Regulatory and Compliance and DPO

Identifying new and innovative ways to work within OneTrust

OneTrust has helped the business capitalize on increase company-wide privacy awareness.

Serco plans to improve upon and further standardize their privacy processes well into 2019, specifically as it relates to the standardization of DPIAs in the OneTrust tool to further identify privacy risk management best practices.

"OneTrust helps us understand good privacy practices. The attraction of OneTrust is that we can adapt our privacy assessments and data mapping to a centralized framework with deep privacy research built in to see where our data sits, the flow of this data, commonalities behind it, as well as what risks exist and how we should go about mitigation in the event of an incident."

 

Julie Varcoe-Cocks, Head of Ethics, Regulatory and Compliance and DPO

As the regulatory environment continues to develop, Serco understands data protection is an ongoing process. They are evaluating OneTrust’s cookie compliance and incident and breach modules to further automate regulatory obligations and are committed to enhancing not just how the business operates in terms of the GDPR, but holistically.

 

You may also like

Webinar

Responsible AI

Unpacking the EU AI Act

Prepare your business for EU AI Act and other AI regulations with this expert webinar. We explore the Act's key points and requirements, building an AI compliance program, and staying ahead of the rapidly changing AI regulatory landscape.

July 12, 2023

Learn more

Webinar

Consent & Preferences

Live demo: How to automate consent and preference management with OneTrust

In this webinar, we demonstrate how OneTrust Consent and Preferences helps build stronger customer relationships by providing transparency, giving users control over their data use, and delivering personalized experiences.

June 29, 2023

Learn more

Webinar

Privacy Management

Unpacking the EU-US DPF

In this webinar, we cover the new EU-US Data Privacy Framework (EU-US DPF) and what privacy program managers need to know for post-Schrems II data transfers.

June 28, 2023

Learn more

Your partner in trust transformation

Top Searches

Platform

Company

Latest News

Resources

Contact Us

Privacy Matters

Our privacy center makes it easy to see how
we collect and use your information.

Your privacy

When we collect your personal information, we always inform you of your rights and make it easy for you to exercise them. Where possible, we also let you manage your preferences about how much information you choose to share with us, or our partners.

© 2023 OneTrust, LLC. All Rights Reserved.

Our policies

Your rights