The value of personal data to the individual cannot be exaggerated. No one wants their personal data to fall into the wrong hands. No one wishes to become the victim of an identity thief or to have their data processed in an unacceptable manner. We expect our personal data to be securely guarded and properly processed; this is the principal objective of the Data Protection Act, 1998 and General Data Protection Regulation (GDPR) (EU) 2016/679.
Accordingly, organisations have a legal responsibility for ensuring personal data held on their systems is safeguarded from compromise. As an organisational representative, are you confident your organisation complies with the requirements set down in the Data Protection Act? Is your organisation aware of the consequences following a breach of GDPR?
Failure to comply with the GDPR can be catastrophic for both citizen and organisation alike. The citizen, whose personal data has now become compromised, is likely to suffer significant distress. The organisation, apart from receiving a heavy fine for a breach, would also very likely lose business, because potential customers’ confidence in its ability to maintain regulatory compliance and look after personal data securely will have been substantially eroded. A good reputation is difficult to win. A bad reputation is easily acquired and hard to lose. You cannot take a risk when it comes to protecting personal information.
A failure to comply with GDPR is defined as a failure to adhere to the principles, provisions and compliance obligations of GDPR; punitive action is not merely applied in the event of an incident or breach.
At Knox Cyber Security, we take the privacy of personal information extremely seriously. We have considerable experience in dealing with the consequences following a data protection breach and associated investigations. We also have a vast amount of experience in helping organisations safeguard the personal data held on their information systems. Our services align perfectly to the requirements of GDPR and associated standards such as BS 10012. We provide the following services:
- Data Protection Consultancy
- Full Outsourced Data Protection Advisory Service
- Writing, reviewing and updating of Data Protection Policy
- Data Compliance Checks and Audits against the Act and associated codes of practice
- Data Protection Staff Awareness Training
- Identification of Data Protection responsibilities when off-shoring data
- Ad hoc assistance with implementing new and emerging directives from the Information Commissioner’s Office (ICO)
- Support in Data Breach Crisis Management, ICO undertakings and Monetary Penalty situations
- Cyber Attack Incident Management and Crisis Planning forming part of ISO 22301
- GDPR Gap Analyses
- GDPR Data Flow Audits
- The construction of Data Protection Impact Assessments
- GDPR Transition Services
- GDPR Training and Awareness delivered by CESG Certified GDPR Practitioners
- Aiding compliance with Article 32 of GDPR
Current data protection legislation will undergo change when GDPR becomes enforceable on 25th May 2018. Is your organisation ready for GDPR?
David Smith, deputy commissioner at the Information Commissioner’s Office, stated at Infosec 2014, ‘get your house in order now under the current law, to ensure you are ready for the coming changes, because the principles are not very different’.