Photobox Group
Building a Resilient Cybersecurity Foundation to Protect Customer Data and Ensure GDPR Compliance
Photobox Group, a leading provider of personalised photo products, operates across Europe, servicing brands in France, Germany, Spain, and the Netherlands. With GDPR compliance on the horizon in 2017, Photobox faced a critical need to build a cybersecurity framework from scratch. At the time, the organisation had no processes in place, limited visibility into potential incidents, and managed risks through static spreadsheets.
Key issues
Lack of established processes or procedures for cybersecurity management.
Need to transition from group risk to group security with the hiring of a new CISO and expansion of the team from 4 to 25.
Urgent requirement for GDPR compliance, particularly around protecting customer data and managing incident response.
Creating a proactive security culture to engage employees across diverse regions.
What we delivered
Culture Gem crafted a comprehensive solution tailored to meet Photobox Group's needs.
- Set a benchmark using ISO 27001 to establish foundational policies and procedures for a proactive, compliant cybersecurity framework.
- Developed a Risk Acceptance Programme that transformed risk management from passive documentation into an active, living programme, linking vulnerabilities, incidents, and risks.
- Created bespoke training and awareness campaigns focusing on real-world scenarios, which increased incident reporting rates and security engagement among staff.
- Implemented incident reporting and management to provide visibility into potential risks and tangible evidence of security's impact on margins, helping secure board-level support.
- Provided recruitment and mentorship support to expand the cybersecurity team and instil a strong cyber-aware culture within the organisation.
Outcomes
Significant increase in incident reporting rates following targeted awareness campaigns, resulting in a more vigilant and proactive workforce.
Secured board sponsorship for ongoing security initiatives by demonstrating the business impact of cybersecurity through incidents linked to margin impacts.
Long-term strategic value — Culture Gem's approach led the CISO to bring us into two additional organisations for continued mentorship, process setup, and incident response training.