Background
Ocasa Homes is a leading property management company, offering high-quality and affordable housing across the UK. As well as serving communities with a choice of rental apartments, Ocasa Homes provides space planning services, market analysis, refurbishment, and management support to property developers and investors.
The company contacted The DPO Centre for support with the day-to-day challenges of complying with data protection laws. They needed assistance completing Records of Processing Activities (RoPAs), data mapping, and updating privacy notices.
Challenges
- Completing RoPAs
- Data mapping
- Privacy Notices
Solution
Following a comprehensive review of Ocasa Homes’ existing compliance framework, the designated DPO assisted with data mapping to identify the third parties involved in the data lifecycle. This led to the production of a Data Processing Agreement (DPA) between Ocasa Homes and their parent company, ensuring robust safeguards for customers’ rights.
The DPO facilitated the completion of RoPAs, establishing a clear structure to articulate processing activities and identify and mitigate risks. The company’s privacy notices were updated, providing clear and transparent information to customers about how their data is handled.
Ongoing DPO support has resulted in a thorough revision of all privacy policies and procedures, as well as improvements to the internal training programme. This proactive approach has significantly enhanced the company’s data privacy framework, ensuring Ocasa Homes is compliant with current data protection legislation.
Outcome
Emma Telka, Head of Business Operations, said, ‘Our overriding challenge was ensuring GDPR compliance amidst our rapid growth. We chose to work with The DPO Centre due to their expertise and tailored approach. The completion of the audit and the framework provided by The DPO Centre has begun to transform our data handling practices and the impact of his work is evident in our staff’s heightened awareness of privacy compliance. We now have certainty about our responsible approach to managing data securely.’