The British Psychological Society (BPS) partnered with Difrent to better understand how they handled the data of their membership, what it meant for them as an organisation, where they might improve and how that could serve as the foundation for transforming their business. Data-led business transformation is a big step for any company. For a charitable, membership society with a complex membership matrix and legacy systems and processes developed over many, many years, it is both a bold and important leadership decision. Difrent had worked with BPS previously on a project to implement Service Management principles into their IT processes, including mapping all of their services and systems. This allowed them to appreciate the complexity of their IT estate and the amount of data contained within it.
Difrent has a long-term partnership with Caroline Carruthers, co-creator of the Carruthers & Jackson model for Data Maturity Assessments. We are proud to have her as a member of our advisory board and we partnered with Caroline for this project to assess the full data landscape within BPS.
Working alongside a team of data and security specialists from Difrent, Caroline conducted a number of workshops to assess the level of maturity when it comes to all types of data across the organisation. These included leaders from across the entire business and anyone who is responsible for data as part of their role. The model comprises 12 core elements that, when combined, address all areas of data management. The model is grouped into 4 core categories:
Purpose - the purpose element frames the direction for all your data activities and ensures that the data strategy underpins the business strategy.
Method - incorporates the organisation, framework and policy elements of the model. This is concerned with how something is put in place to ensure success.
People - form a major component of any change and data is no exception. Skills, behaviour and leadership create the people focused elements.
Tools - this covers the tools you need to play the data game and to play it well, including information architecture, metrics and technology.
We looked at factors such as GDPR compliance, security standards and corporate policies that related to data handling and relationships with suppliers who process data for BPS. We implemented an improved Data Protection Impact Assessment (DPIA), crucial in assessing any new services and systems the society wish to introduce to the business and understanding the implications for GDPR regulatory compliance. We also developed a new policy framework to provide the data protection officer with the tools needed to improve the safe and secure handling of data at every level and by every team member.
The result Data maturity scores were low, but the road to improvement has been uncovered and the leadership team are now equipped to improve the data maturity scores themselves. DPIA now an integral part of BPS business case approvals process, we conducted the first DPIA in conjunction with the project team for a new system to manage their online communities. BPS controls a significant amount of data, becoming more capable and confident in how they handle and interpret it will form the backbone of the largest transformation in the 120 year history of the Society.