The company: A British fashion and lifestyle brand requested data subject rights and consent management testing to measure their compliance with the UK GDPR and the PECR (Privacy and Electronic Communications Regulations).
The service: DQM GRC was commissioned to carry out data subject rights testing as part of a privacy assessment programme to examine our customer’s adherence in the UK to the requirements of the EU GDPR, the UK GDPR and the DPA (Data Protection Act) 2018, and the maturity of its compliance activities. The programme used the DQM GRC seeding and mystery shopping network to test email consent for marketing, postal consent for marketing, data subject access requests and the right to erasure.
The deliverables: A detailed report was delivered to the customer that included a summary and methodology for each test; details of communications via post, email and telephone, including dates; detailed observations of the customer’s data protection compliance; and remediation advice.
The results: Our customer has amended its practices to ensure that its data subject rights and consent management are now fully compliant.