GDPR (the General Data Protection Regulation) is the EU regulation that strengthens the protection of personal data. It came into force on 25 May 2018 and gives regulators the power to fine organisations that breach it up to €20 million or 4% of global annual turnover, whichever is higher. Cyber Essentials is a security baseline; GDPR requires more than basic protective measures, and no certificate on its own makes an organisation compliant.
As a company you have a duty to report a personal data breach to the ICO within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the individuals affected. If the breach is likely to result in a high risk to those individuals, you must also tell them directly, without undue delay.
You also have to provide a person with a copy of the data you hold on them if they request it, erase data when they ask for it to be removed (where no lawful reason to keep it applies), and correct data that is inaccurate.
Personal data includes anything that can identify a living person, directly or in combination with other information; this includes online identifiers such as IP addresses.
What about Brexit?
The regulation will still apply after Brexit. The ICO (Information Commissioner's Office) has stated that if the UK does not continue with GDPR it will seek something similar, and the UK has since written GDPR into domestic law as the UK GDPR alongside the Data Protection Act 2018. Even after leaving the EU, if you process the personal data of people in the EU you still have to abide by the EU GDPR.
As a company we recommend Cyber Essentials with IASME Governance as a good starting step towards GDPR compliance.
Cyber Essentials is the UK Government-backed scheme, and IASME Governance builds on it with a GDPR question set, so certification shows that you have prepared for GDPR. Note that certification evidences preparation; it does not by itself make you compliant.
This provides you with the following:
- Cyber Essentials Certification. Demonstrates that you have the basic security controls in place to protect your networks and devices.
- GDPR Question Set. Demonstrates that your company manages and controls the protection of personal data and is "GDPR ready".
- Information Assurance. Much of this is required for GDPR compliance, such as controlling access to information, training staff and assessing the risk to the business.
- Automatic Cyber Insurance. £25,000 of cyber attack insurance to help deal with a data breach, subject to the scheme's eligibility conditions (check the current terms).
As an IASME certification body we provide packages to assist with Cyber Essentials and IASME Governance. However, we understand that some companies may not want or may not require this and would rather have a bespoke GDPR package; this can also be provided.
Benefits of the Bespoke Package
- Dedicated GDPR practitioner assigned to your company.
- A site visit to speak face to face with your staff and see what needs to be improved.
- GDPR gap analysis with a plan to get your company GDPR compliant in the shortest amount of time.
- Assistance in creating policies and procedures.
- Cyber awareness and data protection training for your staff (can be conducted separately).
- Phone and e-mail support.