
Cyber Security & Data Protection


If we asked you to define cyber security, what would you say? Perhaps you understand the concept but want to know more.

The definition of Cyberspace is an electronic medium of digital networks used to store, modify and communicate information. Cyberspace influences and makes a big impact on our lives, our businesses and services. You would assume that your personal information in cyberspace would be secure and protected. We are all aware that isn’t the case in reality.

The UK government are making on-going transformations to protect UK citizens and businesses. They have a mission to protect people from threat actors that use data for inappropriate, malicious and illegal purposes.

Cyber Security plays a massive part in the private and public sector, from national security and the fight against terrorism and crime to the prevention of industrial devastation. Cybercrime is an everyday occurrence. The risks of storing data in Cyberspace are huge, but storing it there is necessary, so protective security measures should be taken.

Being Secure Online in Business

Security threats build and the government need to step up their game. They are attacking the problem, but is it enough? It’s not solely up to the government to sort the problem. It is the responsibility of companies and of us as a country.

Cyber Security is a topic that we should educate ourselves about. Who and what are we dealing with when it comes to cyber security and data protection?

  • The cyber space pirates – this includes hacktivist groups and terrorists. Their resources, accessibility and capabilities are huge. They have the ability to cause carnage on computer networks, targeting the government, the military, businesses and individuals
  • Cyber space crime is an extension of normal crime. The difference is, the pirates don’t need to be at the location of the crime to do the deed. It’s a crime that can be free, cheap and on a massive, catastrophic scale
  • The heartless pirates can use software (malware) to demolish cyber infrastructure. This could be as simple as taking a website offline or just damaging infrastructure, a process known as CNA (Computer Network Attack)

Businesses have a responsibility to their customers to keep their data safe, as well as to shareholders and investors to remain competitive in a global marketplace.

The new GDPR, due to come into force in May 2018, will help tackle the data protection issues. The government are trying to build a country where people know that their data is protected and can move forward with confidence to use the internet.

How are the government going to deal with cyber security and data protection?

  • Attacking the problem and the source
  • Making businesses realise their responsibilities when it comes to data protection
  • The government will educate organisations so they know how to protect the data
  • A realisation that so far, the government’s effort to deal with the issue has been insufficient
  • Efficient cyber security risk management is vital
  • There needs to be compliance or there will be a fine!
  • There will be a regular review of the challenges
  • The government will get a better understanding of cybercrime and deliver programmes
  • They should be aware of the constant threat changes
  • Cyber insurance policies should be available to an organisation to cover them against a range of cyber risks


How to Prepare for the GDPR


Your first priority for preparation in terms of GDPR should be to educate yourself and to ensure that others in your organisation who have responsibility for data are educated too. It doesn’t matter about the size or legal entity of a business – we must all follow the same rules when it comes to handling data.

Don’t hesitate, assess, take action now and be ready.

Here are 10 considerations to help you prepare for the GDPR:

The GDPR is a law about Data Protection, based on a set of common-sense principles:

  • A “right to be forgotten”: When an individual no longer wants her/his data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted. This is about protecting the privacy of individuals, not about erasing past events or restricting freedom of the press
  • Easier access to your data: Individuals will have more information on how their data is processed and this information should be available in a clear and understandable way. A right to data portability will make it easier for individuals to transmit personal data between service providers
  • The right to know when your data has been hacked: Companies and organisations must notify the national supervisory authority of data breaches which put individuals at risk and communicate to the data subject all high risk breaches as soon as possible so that users can take appropriate measures
  • Data protection by design and by default: ‘Data protection by design’ and ‘Data protection by default’ are now essential elements in EU data protection rules. Data protection safeguards will be built into products and services from the earliest stage of development, and privacy-friendly default settings will be the norm – for example on social networks or mobile apps
  • Stronger enforcement of the rules: Data protection authorities will be able to fine companies who do not comply with EU rules up to 4% of their global annual turnover or £17,000,000 – whichever is more

Understand the definition of ‘personal data’.

Personal Data means any information relating to an identified or identifiable natural person (a “data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. ~Article 4(1) of the EU GDPR 2016/679.

Read the New Data Protection Bill.

You can find ‘The New Data Protection Bill: Our Planned Reforms’ on the government website.

The New Data Protection Bill covers the following 4 topics:

  • The Digital Economy
  • Our Data Protection Reforms
  • Implementing the Reforms
  • Looking ahead

Seek legal advice if you are unsure.

This article offers insights and guidance about the GDPR. It is highly recommended that you seek your own legal advice in preparation for the big change.

If you have a Website

Data on a website can be anything from a simple enquiry form or an ecommerce/online sales site to online user accounts with saved details. Make sure that your website is served over HTTPS with a valid SSL/TLS certificate, so data is encrypted in transit, and that any data gathered is stored in a safe and secure environment once it reaches you.

Identify where your company is storing data, for example:

  • Your website
  • Telesales – do you store names and numbers for your agents to call?
  • Direct mail – do you have completed order forms stored away with contact details?
  • Customer service departments – calls taken from potential customers and those recorded details
  • Personal contact with people – the exchange of business cards from a tradeshow or exhibition

Prepare your staff and make them well aware of the changes that are coming. Make sure that they understand the principles of good data protection: that they don’t write down people’s details on a piece of paper that could go astray or end up in the bin, and that they don’t take data home on laptops or memory sticks from which it could be stolen.

Evaluate your environment and how you document personal data – where did it come from, who have you shared it with? How will you audit the data? Review current policy notices and put a plan in place – procedures and timescales.

Be compliant, review your practices and make sure that, to the best of your ability, you look after the data as if it were your own. Make sure your organisation’s privacy policy of how you handle data is compliant with the new rules and is up to date.

Decide how you will be able to prove that your data is secured safely and how to seek consent moving forwards.

The General Data Protection Regulation will apply to all companies based in the EU and those with EU citizens as customers. It has an extraterritorial effect, so non-EU countries will also be affected. Even though the UK is planning to leave the EU, the UK will still need to comply with the GDPR.

Do you need to employ a Data Officer?

A data protection officer (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements. A DPO would be recommended for any organisation that processes or stores large amounts of personal data, whether for employees, individuals outside the organisation, or both. Seek advice as to whether your company should employ a DPO or make sure someone in the business has responsibility for Data Protection.

What have you done so far to prepare for the GDPR?

If you need help, support or just have a GDPR question you can call us 0203 319 3930 or drop me an email.

Last week…

GDPR and your Business

Next week…

Cyber security and data protection.

The GDPR and Your Business


If you are a business that handles data, either as a processor or a controller, make sure you put the 25th May 2018 in your diary. Most businesses are.

A new data law is coming; consider it to be the existing Data Protection Act… but on steroids. If you breach the new rules, or show that you haven’t got sufficient policies, procedures, training or protection in place, your business could be facing a significant fine.

Currently, the maximum fine the ICO (Information Commissioner’s Office) can issue is £0.5m. Larger fines of up to £17m (€20m) or 4% of global turnover will be allowed, enabling the ICO to respond in a proportionate manner to the most serious of data breaches.

What is the GDPR?

Just in case you weren’t aware, the EU General Data Protection Regulation (GDPR) is a new law about data protection. Information Age revealed that 55% of small businesses are unfamiliar with the GDPR. If you have a business that handles data, take action now and be prepared.

The GDPR is a law about Data Protection, based on a set of common-sense principles:

  • The Right to be Informed
  • The Right of Access
  • The Right to Rectification and Right to Be Forgotten
  • The Right to Restrict processing
  • The Right to Object
  • The Right to Data Portability

We are doing it, you should be too.

Network & Security are registered with the ICO as a Data Processor for its clients. With our experience, Network & Security are ready to be compliant with upcoming changes in policy, procedures or any data protection regulations or laws. We understand the importance of these laws (and the processes/procedures that come with them) and appreciate that it’s not just how they affect the business but also those who work within the company.

Where can you find out more about the GDPR?

The UK government’s Department for Digital, Culture, Media & Sport has created a New Data Protection Bill: Our Planned Reforms.

In the Bill’s foreword, the Rt Hon Matt Hancock MP, Minister of State for Digital, explained the following:

  • A generation ago Parliament passed the Data Protection Act, since then, digital technology has transformed almost every aspect of people’s lives
  • It has brought huge advantages: social advantage, bringing the world closer together, and economic advantage, transforming our economy
  • For all its many benefits, there are also concerns. Parents worry that their children may be vulnerable online in ways they don’t understand
  • Customers worry what companies are doing with their data. Citizens worry that others might intrude on their privacy online
  • To protect people’s privacy, while allowing and encouraging the innovation that digital technology allows, they must balance freedom and responsibility online
  • The Data Protection Act has done that well, providing people with more control over how their personal information is used and limiting processing to the purpose for which it was collected, subject to various public interest exemptions
  • There are stronger protections in the UK than most, and the regulatory arrangements are often seen as the gold standard
  • While people should all be assured that data is well protected in the UK, change is needed. Technology and society have changed
  • The Data Protection Bill, promised in the manifesto and announced in the Queen’s speech, will bring our data protection laws up to date
  • It will both support innovation by ensuring that scientists and businesses can continue to process data safely
  • It will ensure that people remain assured that their data is safe as they move into a future digital world based on a system with more accountability, but less bureaucracy
  • The Bill includes tougher rules on consent, rights to access, rights to move and rights to delete data
  • Enforcement will be enhanced, and the Information Commissioner given the right powers to ensure consumers are appropriately safeguarded
  • The Bill will also bring EU law into our domestic law. On 23 June 2016, the EU referendum took place and the people of the United Kingdom voted to leave the European Union
  • Until exit negotiations are concluded, the UK remains a full member of the European Union and all the rights and obligations of EU membership remain in force
  • During that period the government will continue to negotiate, implement and apply EU legislation. The outcome of these negotiations will determine what arrangements apply in relation to EU legislation in future once the UK has left the EU
  • Bringing EU law into our domestic law will ensure that the government help to prepare the UK for the future after they have left the EU
  • The EU General Data Protection Regulation (GDPR) and the Data Protection Law Enforcement Directive (DPLED) have been developed to allow people to be sure they are in control of their personal information while continuing to allow businesses to develop innovative digital services without the chilling effect of over-regulation
  • Implementation will be done in a way that as far as possible preserves the concepts of the Data Protection Act to ensure that the transition for all is as smooth as possible, while complying with the GDPR and DPLED in full
  • When it comes to law enforcement, the Bill will ensure that the data of victims, witnesses and suspects of crimes, are protected in the context of criminal investigations and law enforcement action
  • It will ensure that criminal justice agencies can continue to tackle crime and terrorism whilst protecting the data rights of those involved in criminal investigations or proceedings. Criminals and terrorists show no respect for international borders so the Bill will ensure that UK criminal justice agencies work effectively with counterparts in other countries
  • The Data Protection Bill will allow the UK to continue to set the gold standard on data protection. The UK already has the largest internet economy in the G20. This Bill will help maintain that position by giving consumers confidence that Britain’s data rules are fit for the digital age in which we live

The New Data Protection Bill: Our Planned Reforms covers the following 4 topics:

  1. The Digital Economy.
  2. Our Data Protection Reforms.
  3. Implementing the Reforms.
  4. Looking ahead.

Find out more about the New Data Protection Bill: Our Planned Reforms.

We will be returning to this topic next week – ‘How to prepare for the GDPR’.