The Objective

Our customer needed to identify data assets, assess risks, and improve information management practices across the business in preparation for GDPR regulations due to be enforced in 2018. Awareness levels were low in many areas of the business and there was no full time resource to dedicate to the issue. This customer needed to implement a ‘people solution’ within a framework that would manage and sustain itself.

The Solution

We ran a series of Layer 8 Live workshops, systematically and strategically with each department, to expose the information assets colleagues were accountable for, enable colleagues to recognise their individual and collective security responsibilities and facilitate an on-going collaborative effort to manage them securely. The workshops effectively initiated a conversation about security, but it needed to be sustained.


All workshop participants were given access to the Layer 8 Toolkit to enable the conversation to continue. Here, they have access to fresh educational content published monthly. We supported our customer with recruiting Security Champions for each team and onboarding them onto the Layer 8 Toolkit® Gold: Participate suite, giving them access to leadership resources and real-time management information. This champions network now represents the driving force behind culture change within the organisation.

The Outcomes

• Information classified as Personal and Sensitive was identified and registered as part of a data audit.
• Each department submitted contributions to a global Security Charter for data governance.
• Audits have since achieved improved results and commendations, scoring particularly highly on employees’ role in managing and protecting information.