Background
Medequip is the UK’s leading provider of community equipment services, working with local authorities and the NHS to deliver essential support that helps people remain independent in their homes. With operations spanning health and social care, Medequip plays a vital role in improving quality of life for vulnerable individuals across the country.
As part of their ongoing work with public sector partners, Medequip was required to respond to increasingly complex data protection due diligence requests. With limited internal resources, the organisation engaged The DPO Centre to provide expert support and ensure timely, accurate responses that met the expectations of external stakeholders.
Key Challenges
- Responding to due diligence requests
- Improving GDPR documentation
- Incident management
Solution
The designated DPO worked closely with internal teams to review and enhance Medequip’s existing data protection documentation, including policies, data flow maps, and Data Protection Impact Assessments (DPIAs). This material was repurposed to meet commissioner due diligence requests, helping Medequip deliver clear, timely, and accurate responses that strengthened its position as a trusted public sector partner.
To strengthen data protection practices, our DPO implemented a structured incident management process, developed a comprehensive Record of Processing Activities (RoPA), and updated key documentation in line with GDPR requirements. These improvements accelerated contract approvals and reduced delays in onboarding new agreements.
Our DPO also provided hands-on support across multiple areas, including NHS DSPT submissions, ISO 27001 transition preparation, DSAR handling, ICO response preparation, and HR-related data protection matters. By attending stakeholder meetings, our DPO reinforced commissioner confidence in Medequip’s governance, enabling the organisation to consistently demonstrate assurance, accountability, and credibility.
Outcome
Marie Martinalli, Head of SHEQ, Integrated Governance & Training, and Data Protection Officer at Medequip, said: ‘Our designated DPO’s deep understanding of data protection and his ability to translate complex compliance requirements into practical business solutions made all the difference. His expertise not only strengthened our internal processes but also helped us demonstrate assurance and credibility to our commissioners.’
