
How Behaviour Lab achieved ISO 27001 and GDPR compliance with DataGuard

“DataGuard helped us vet our policies and procedures and in the future with its platform will help us manage and keep our policies up to date.”


Calin Coman-Enescu

Head of Operations

Behaviour Lab

Behaviour Lab works with asset managers, private equity firms, insurance companies and executive boards, helping them improve how they make investments by reducing the negative effect that biases have on performance. They use analytics and behavioural science to examine the impact on performance and how to limit these effects.

Location

UK

Company size

Small & medium business

Industry

Professional services - Finance

Product

Security

Before DataGuard

  • Genuine need to protect client data and to have mechanisms in place to deal with the consequences of potential data breaches
  • Risk of failing client onboarding audits due to not being ISO 27001 certified
  • Minimal knowledge of privacy and information security standards

With DataGuard

  • Streamlined policies and increased employee awareness
  • Privacy and information security controls are in place
  • Shortened client onboarding process leading to more business opportunities

 

The goal: Behaviour Lab's highly sensitive data made information security a priority  

Behaviour Lab works hands-on with very sensitive data like trading data, investment theses and emotional data. They collect investment decision data over several years, run that through their algorithm and derive behavioral nudges for customers, such as: ‘Your strengths lie in buy selection and weighting, but you leave money on the table when deciding when to sell, impacting your fund negatively by X%’. Their algorithms and the client data they process pose a massive information security risk due to the highly confidential nature of both the inputs and outputs of their software platform. So, they wanted to work towards ISO 27001 and GDPR compliance proactively. They set very clear goals:

  • Get ISO 27001 certified 
  • Define Privacy controls for GDPR compliance 
  • Train their employees on Information Security & Privacy 

Choosing DataGuard

DataGuard checked the right boxes: In-house experts, technology and European operations 

ISO 27001 and GDPR compliance were high on Behaviour Lab's agenda. They had to ensure that their information security controls were tightened and that all data privacy measures were in place.

“I like the DataGuard Academy the most. Trainings are very useful as they have helped everyone in the company become more conscious of information security,” said Calin Coman-Enescu, Head of Operations at Behaviour Lab.

They started preparing for ISO 27001 on their own, but soon realized they didn’t have the necessary knowledge and expertise in-house. They were not sure if what they did was good enough, which left them uncertain about passing the ISO 27001 audit.

Behaviour Lab started looking for external support, evaluating some UK-based consultancies. DataGuard checked the right boxes: its operations in the EU meant that the in-house experts had extensive knowledge of and expertise in UK and EU regulations. The Privacy, ISO and SOC 2 roadmap looked promising, so Behaviour Lab felt confident that they were in safe hands.

“The Policy Generator feature of the platform looks promising as it will reduce manual effort massively on our end. I’m not stressed about the upcoming changes in ISO Standards because I won’t need to manually rework our policies,” added Coman-Enescu of Behaviour Lab.

ISO 27001 and GDPR to fuel Behaviour Lab’s sales pipeline and improve employee awareness

Since achieving ISO 27001, Behaviour Lab has noted a meaningful reduction in the number of even minor security incidents measured against its already very strict internal policies. What’s more, employees have become more proactive in reporting even minor incidents. Behaviour Lab doubled their headcount during this time.

Thanks to ISO 27001 and continuous GDPR compliance, they have standardized their processes. Despite significant growth, everything has stayed the same instead of getting disorganized.

Looking to the future - SOC 2 with DataGuard

Having started with ISO 27001 certification and GDPR compliance, Behaviour Lab is now piloting SOC 2 certification with DataGuard.

Managing Privacy and Information Security in one place via DataGuard has already simplified project management, task completion, and stakeholder collaboration. In the future, the platform will bring in more efficiency by digitizing and speeding up manual tasks. Meanwhile, DataGuard’s experts are at hand to provide advice and guidance throughout Behaviour Lab’s journey.
