Taking a systematic approach to GDPR and international data protection compliance

27 May 2026

Case study

Data Protection

GDPR

Canfield Scientific needed to achieve a higher level of GDPR compliance, and chose IT Governance USA, now GRC Solutions Inc, to provide consultancy and training to help it meet its goals.

The challenge

Canfield is the global leader in imaging systems, services, and products for scientific research and healthcare applications, including the pharmaceutical, biotechnology, cosmetics, medical and skincare industries.

Canfield’s systems hold a lot of personal data, so it is paramount that it complies with relevant cyber security and data protection laws – including the GDPR. Canfield is committed to protecting the data of its customers and business partners, so identifying and addressing any gaps in compliance is vitally important.

The solution

Our GDPR Gap Analysis service provides a comprehensive assessment to determine whether the organisation is meeting its legal requirements under EU and/or UK data protection law.

The service uses our proprietary GDPR RADAR™ assessment tool to gauge the level of compliance across ten areas and calculate whether any specific practices related to the business increase regulatory risks.

The results are presented in an easily understandable visual guide, alongside a detailed report that explains your organisation’s biggest compliance strengths and weaknesses, with recommendations to bolster your practices.

Facets examined

  1. Scope of compliance – the organisation’s understanding of the applicability of the GDPR.
  2. Roles, responsibilities and training – how roles and responsibilities are defined and established.
  3. Risk management – the effectiveness and thoroughness of risk management activities.
  4. Rights of the data subject – the processes that support data subject rights.
  5. Data transfers – data transfer mechanisms, including international transfers.
  6. Privacy by design – the extent to which the organisation considers privacy in projects.
  7. Privacy information management – formal structures for managing privacy.
  8. Information security management – formal structures for managing information security.
  9. Governance – the effectiveness of governance processes in supporting privacy.
  10. Data protection officer (DPO) – the organisation’s appointment and use of a DPO.

The outcome

The GRC Solutions account manager led a project in which our consultant reviewed Canfield’s systems and interviewed key corporate stakeholders, identifying risk associated with certain data processing activities. Some risk was associated with Canfield’s collection and storage of sensitive health information, including biometric imagery.

Canfield subsequently revised its existing business practices to enhance compliance with the GDPR and strengthen data subjects’ control over their data.

Contracts with existing service providers now include strengthened data protection clauses, and customer-facing services have revised consent collection forms to properly collect customer health information. The already strong network architecture and encryption policy were further enhanced to give end-to-end protection of data subjects’ privacy when using Canfield tools and technology in the field.

Canfield reported that the analysis was extremely helpful in identifying weak points in its processes, giving it a clear path to GDPR compliance. Following the audit, it implemented the specific measures necessary to achieve a higher level of compliance with the GDPR.

Canfield’s revised policies and agreements give clients greater assurance regarding the protection of their data and further enhance Canfield’s competitive advantage. Canfield believes this has improved its standing in the market as it continues to offer best-in-class service to its clients.

The consultant was extremely knowledgeable and helpful in working through various bits of the Regulation and its applicability to our business and working with the consultants was a pleasure. This analysis was extremely helpful in identifying weak points in our processes and has given our team a clear path to compliance.

Tanya Demerjian, Quality Assurance Director, Canfield

Why GRC Solutions?

Our data privacy services are designed by leading data protection professionals to deliver commercial, pragmatic outcomes for our customers.

We don’t believe in one-size-fits-all solutions. Our consultants take the time to understand your organisation’s structure, risk profile and compliance challenges – delivering practical, actionable advice that aligns with your business goals.

We go beyond consultancy, offering a full suite of services across privacy, information security and cyber security. From training to managed services, we support your long-term compliance strategy from end to end.

Get in touch.