See all case studies

British Taekwondo's journey to compliance with UK GDPR

Our information governance experts were asked to help British Taekwondo become compliant with UK GDPR.

They wanted to provide confidence to their members and partners that they could be trusted to handle and store personal information in accordance with data protection legislation.

The first thing we needed to do was understand the current culture of compliance at British Taekwondo.

We did this by undertaking an initial review to identify any gaps in documentation and processes and procedures in place. This provided us with an overview of what work was required and we agreed a plan of action over a defined time period.

The action plan was prioritised into two phases:

Phase one

We undertook a data mapping exercise with staff to understand data flows across the organisation and to provide the basis of a record of processing activity and an information asset register.

All of British Taekwondo’s contracts were reviewed to ensure compliance with UK GDPR, and the requirement to undertake risk assessments.

Phase two

Working with the team at British Taekwondo, we developed formal in-house processes for:

  • Data subject rights complaints
  • Information security incidents
  • Completion of data protection impact assessment
  • Further contract checks on data processors

At British Taekwondo’s request, we developed and delivered a training session to all key staff about how to conduct information security incident management.

The training also raised awareness and provided information about the process of investigation and assessment.

We were on hand to provide their Data Protection Officer (DPO) with advice and support, particularly on de-mystifying the information asset register and data protection impact assessments.

Our work has ensured that British Taekwondo are in a better position to provide assurance and confidence to their members and partners about the way they handle personal information.

We’ve also been able to provide their DPO a platform to maintain compliance with UK GDPR and the confidence to fulfil their role within British Taekwondo.

“Starting out on our information governance journey could have been daunting but for the expert support provided by Veritau. Through group and individual meetings, they got to the heart of what we do with all our information and why we do it and helped us to pull together everything we need to meet compliance within the world of data protection.

What could have been a really dry and difficult subject was made interesting and accessible in the difficult era of virtual meetings through the hard work and approachability of the team, in particular Andy Nutting who was extremely supportive throughout the whole process.

I wholeheartedly recommend Veritau for your information governance work.”

– Safeguarding, HR & Compliance Manager, British Taekwondo

Our sporting bodies experts
Andy Nutting - Information Governance Manager

Andy Nutting

Information Governance Manager

Andy has over 25 years’ experience working in information governance within local government. He specialises in the development and implementation of bespoke information strategy, policy and processes. Andy has a professional interest in making information open and transparent, and enhancing ethical considerations around data.

British Taekwondo’s journey to compliance with UK GDPR

Our information governance services
Explore Veritau's sectors