Background
AlRayan Bank offers Sharia-compliant financial products to both private clients and businesses, many of whom are Middle Eastern nationals living in the UK. With products grounded in ethical principles such as the prohibition of interest, AlRayan Bank has carved out a distinct position in the UK Financial Services market.
Following a reorganisation of the compliance function, AlRayan Bank identified several areas for improvement in its data protection practices. The DPO Centre was engaged to conduct a comprehensive audit and provide hands-on support implementing the recommendations.
Key Challenges
- Mapping data flows
- Drafting data protection policies
- Managing cross-border data transfers
Solution
A DPO specialising in the Financial sector conducted a comprehensive audit of AlRayan Bank’s data protection practices to identify areas for improvement. This established a clear baseline for strengthening compliance while supporting day-to-day operations.
To build a clear picture of data processing activities, the DPO distributed a tailored Record of Processing Activities (RoPA) template to individual functions. Responses were reviewed to map data flows, clarify retention practices, and identify lawful bases. Where required, Legitimate Interests Assessments (LIAs) were also carried out.
Policy documentation was reviewed and updated to meet UK GDPR requirements. Where gaps existed, the DPO drafted bespoke documents aligned to AlRayan Bank’s operational and cultural context, ensuring relevance and clarity for staff. This included a robust Data Subject Requests policy, covering all rights-based requests, including access and erasure.
To support international data transfers between the UK and the Bank’s Qatari parent, the DPO completed a Transfer Impact Assessment (TIA) and implemented appropriate safeguards, including an Intra-Group Agreement and the International Data Transfer Agreement (IDTA).
The DPO continues to review new systems and activities as they arise, providing expert input on Data Protection Impact Assessments (DPIAs) and supporting ongoing risk management.
Outcome
Matthew Halsall, Head of Compliance at AlRayan Bank, said: ‘The support of the DPO has been essential over the past 12 months in strengthening our data protection framework. The DPO has also been flexible and timely in responses to requests and deliverables and has provided valuable advisory support.’





