
ASC selects Data Protection as a Service from norm. to shore up data protection standards


The Aquaculture Stewardship Council (ASC) is the world’s leading certification scheme for farmed seafood – known as aquaculture. ASC develops and manages the strictest standards in the industry. These standards include hundreds of requirements covering the potential impacts of aquaculture – including water quality, responsible sourcing of feed, disease prevention, animal welfare, the fair treatment and pay of workers and maintaining positive relationships with neighbouring communities.

The ASC is a creator and steward of standards for responsible farming covering both environmental and social impacts. For many organisations, ASC accreditation forms part of their wider Corporate Social Responsibility program, which means that there is an expectation that the ASC itself takes compliance and governance seriously. The ASC also deals with a significant amount of commercial data relating to suppliers and retailers, some of whom are competitors, which means that it needs to be able to demonstrate its ability to protect that data and handle it correctly.

Richard Ryan, Director of Operations at ASC, explains: “As an international organisation that is part of global supply chains our data systems are extremely complex. Good data governance isn’t just a matter of compliance for us, it is wholly necessary to allowing us to serve our customers better and to position ourselves against other standards schemes in the industry.”

Compliance with the GDPR forms an important part of the ASC’s data governance framework, and Brexit has brought both opportunities and challenges – not least relating to the complexities of international data transfers and the operational requirements that arise for organisations with multiple legal entities.

When assessing whether to opt for an in-house or outsourced DPO, the ASC had a number of factors to consider, including the complexity of the data protection landscape, the ASC’s changing requirements, and cost.

“The increasing complexity of our operations and data governance as we move forward, coupled with external data protection developments, meant that we needed a DPO with in-depth legal expertise and significant experience,” continues Richard. “However, we couldn’t justify employing a full-time DPO given our current size. That’s why we opted for an outsourced DPO service – we have the guidance and advice on hand when we need it, without the overhead of a full-time headcount.”

The data protection team at norm. began by conducting a GDPR compliance review for ASC, and together with Richard built out a roadmap to follow to improve the organisation’s policies and procedures accordingly. It is an ongoing process, as with any compliance initiative, and is viewed as a strategic priority.

“We can address our data protection requirements with confidence and ease knowing that the team at norm. is always on hand for both ongoing and ad hoc support,” concludes Richard. “We view adhering to the highest data privacy standards as vital to the work we do, and norm. helps us to achieve this.”

Appointing NormCyber as our virtual DPO has given Ferrero the best of both worlds – access to data protection experts who understand what we stand for as a business, without the hefty overheads usually associated with appointing an in-house DPO.

Harpreet Thandi
Regional Counsel, UK & Ireland, Ferrero

We were looking for a virtual DPO service that offered all of the benefits of a fully qualified data protection lawyer, without the overheads of an in-house hire. The DPaaS solution from norm. has been invaluable in helping us to ensure we respect the integrity of our customers’ personal information, while using it to continue to deliver differentiated products and services which support our growing customer base.

Mike Whitfield, Compliance Manager

CSaaS allows me to step away from multi-vendor management as the Security Operations Centre coordinates all of the technology for me.

David Vincent, CTO

We were in the market for an independent Data Protection Officer service that was well versed with both UK and EU regulators. We’re thrilled to have acquired this service knowing that an expert is available 24/7.

Suzanne McCabe, Head of Project Management
James Hambro & Partners

Norm’s penetration testing layer, along with the suite of CSaaS modules, has enabled MA to exceed all its audit requirements for its major clients.

Rob Elisha, ICT and CRM Manager
Montreal Associates

The speed of your Data Protection Officer’s response was very impressive – it was far quicker than I would have expected even from an in-house DPO.

Will Blake, Director of Technology and Analytics
CRU Group