The Rhodes Trust – Data Protection and Information Security Audit


sector :



Large scale processing, high risk data, complex structure, international processing



The Rhodes Trust is an internationally renowned scholarship provider for post-graduate studies, based at the University of Oxford since 1903, making the Rhodes Scholarship programme the oldest international graduate scheme in the world. Rhodes aims to bring together, and develop, young people from all over the world, across a variety of fields of study.

The large geographical footprint of The Rhodes Trust is in itself a large challenge in respect of data protection compliance. Rhodes is currently undergoing significant redevelopment, transforming Rhodes House into a leading convening centre, and home for the Trust and its partners, in order to support the core mission. This transformative period has provided opportunity for Rhodes to further analyse the current tech infrastructure, and therefore the consideration for data protection compliance.


The Challenge


The Rhodes Trust approached DPAS looking for an external consultancy to provide an impartial data protection and information security audit, and board level report. The Trust wanted support to help identify, and address, any vulnerabilities or weaknesses in their data protection practices, and advice on any current risks post audit to help them continue to maintain a good level of compliance. The Trust puts their scholars at the heart of everything they do, and they want to continue to build on these relationships by demonstrating that they adhere to current laws and regulations. 



Working with the Trust, DPAS independently assessed their compliance with the legislation beyond what was previously understood, and inline with revised law and guidance. Being an independent auditor, DPAS was able to deliver an impartial assessment of any compliance gaps the client had, and offer independent advice on how to resolve them. Since the audit was completed entirely offsite, DPAS minimised disruption to the client’s organisation and the partnerships. 

The audit helped raise awareness of data protection and the importance of compliance with all the key stakeholders. Our client was also able to use the detailed reports that DPAS developed within board and trustees meetings to demonstrate the organisation’s commitment to data protection and information security. In addition, the client was able to build a business case for funding using the report, to procure a privacy management system to further contribute to their ongoing commitment to data protection compliance.  




“We were looking for an independent review and audit of our data processing activities and policies across the Rhodes Trust and our partner programmes. When we went to the market DPAS impressed us with the breadth and depth of the services they offered. We are a relatively complex organisation, the DPAS team quickly understood how our work fits together, and throughout the audit process I’ve appreciated the expertise of each member of the team that we’ve worked with. Their advice throughout has been reassuringly thorough, pragmatic, and tailored to our needs.”

M. Treavis – Head of Information Security


Our Audit tool



Want to learn more about DPAS and our audits? Take a look at our audit page or get in touch with the team by filling out a contact form, or giving us a call on 0203 3013384.

similar projects

looking for advice?