SureCloud Helps TGI Fridays Combat Risk and Compliance Challenges
January 2019 by Patrick LEBRETON
Restaurant chain implements SureCloud’s applications to help accelerate and manage their compliance and risk strategies
Restaurant chain TGI Fridays UK has deployed Governance, Risk and Compliance vendor SureCloud’s GDPR suite to centralise and track its data and GDPR compliance, ensuring that the restaurant is equipped to meet GDPR requirements and to efficiently manage, store and analyse data. This solution replaces TGI Fridays’ manual data mapping and processing methods.
When TGI was looking for a solution to streamline its GDPR compliance processes, it approached SureCloud in late 2017, and committed to using the SureCloud GDPR Application Suite in December 2017. This also came at a time when TGI was using a ‘cumbersome’ Excel spreadsheet to produce its annual report and was in the process of conducting a review of its suppliers. These lacked the reporting capabilities that the restaurant needed to fulfil its GDPR requirements.
Its recommendation was the SureCloud GDPR Suite, delivered on the SureCloud platform. SureCloud has enhanced TGI’s ability to manage and provide reports on data subjects. Data can now be stored in a single centralised platform, which provides access for multiple users in TGI. After SureCloud had successfully demonstrated the ability to provide full visibility for management and automation of GDPR processes across the organisation, TGI selected its cloud-based suite of solutions.
The five applications TGI Fridays chose to deploy from the SureCloud GDPR Suite were:
GDPR Program Tracker - to enable TGI to map all its disparate data and workflows using intelligent risk-based questions
GDPR Management – to provide all mandatory GDPR business-as-usual processes
Information Asset Management - to record and maintain the TGI’s entire data inventory
Compliance Management for GDPR - to help TGI speed up their process of attaining compliance and on-going real-time risk remediation
Incident Management for GDPR – to meet the GDPR requirement to log, track and notify the ICO of any data breaches, should an incident arise
TGI can now build and maintain information assets in a register, which provides instant reporting and analysis of data subjects. TGI is using Data Privacy Impact Assessments to identify and minimise the privacy risks of new projects, systems or policies. Its Data Risk Management (DRM) solution is recording interactions with people and providing clearer oversight and analysis of its retention policies. Moving forward, TGI is conducting a biannual statistical analysis of its data subjects to identify and measure levels of risk across the business. The solution also facilitates assessments and aggregates the data from TGI Fridays’ suppliers making it easier to grade suppliers and their risks without having to extract the data from multiple different spreadsheets, accelerating the vendor risk assessment process.
TGI has put together an updated third-party risk management assessment, which its current and future suppliers who do or aspire to provide IT services for the retailer must undergo and adhere to. TGI prepared a modern slavery questionnaire for over 100 of its suppliers, as part of its commitment to good due diligence and that all its suppliers must meet high standards of IT security and are ISO27001 or another equivalent.