The General Data Protection Regulation (EU) 2016/679, which came into force on 25th May 2018, is intended to protect the rights and freedoms of data subjects.
It places certain duties on businesses requiring them to satisfy several core principles such as transparency, accountability and 'Data protection by design and by default' and to be able to evidence suitable governance and organisational controls.
Data subjects have eight new rights under the GDPR. This places further obligations on businesses to implement procedures to uphold those new rights.
Another significant change that GDPR brings is that data processors and data controllers are now jointly responsible for data breaches caused by a data processor. This is causing businesses to request assurance from new trading partners or service providers that they are GDPR compliant. You can understand their caution: it is too risky to share data with an insecure business.
Non-compliant businesses are going to find it increasingly difficult to win business.
Pro-Networks is GDPR compliant, of course, and we have certified GDPR Foundation and Practitioner staff to steer you through the maze towards compliance. We have helped implement GDPR at businesses from a wide range of industries. We'd be pleased to talk to you about how we can help you on your journey towards compliance.
Contact us today to talk to one of our data protection and compliance experts.
Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common online threats. Compliance with the standard ensures that a set of basic technical and organisational controls is in place to help businesses strengthen their IT security and shield themselves against such threats.
Pro-Networks is experienced in helping our customers to obtain Cyber Essentials certification.
We would be pleased to talk to you about the different Cyber Essentials levels of certification, and to explain how we can work with you to provide the required information (and any IT remediation) to satisfy the certifying body and obtain your certification.
PCI-DSS is the standard that sets the requirements a business must meet in order to safely and securely accept, store, process, and transmit cardholder data during credit card transactions.
The aim, of course, is to protect the cardholder data and to safeguard the transaction, but the standard also protects your organisation. You can be forced to pay recurring levies or fines if you process card transactions and you are not PCI-DSS compliant.
Furthermore, if you are not PCI-DSS compliant it means you have weaknesses in your overall IT security. Those weaknesses will expose you to many other threats such as data breaches. Data breaches of course have their own fines associated with them, but often the reputational damage is worse than the fine. No one is going to want to work with an organisation that has been shown to be insecure.
We will work with you to ensure you are compliant with the PCI-DSS standard.
If you plan to make any significant change to your IT such as a server or workstation refresh, an office relocation, a business acquisition or even just a change to a new line of business application, you should perform a Data Protection Impact Assessment (DPIA).
From the ICO: "A DPIA is a process designed to help you systematically analyse, identify and minimise the data protection risks of a project or plan. It is a key part of your accountability obligations under the GDPR, and when done properly helps you assess and demonstrate how you comply with all of your data protection obligations."
You can think of a DPIA as a risk assessment for data protection. It proves you have considered the risks and vulnerabilities, and records what decision (and possibly what action) was taken about each one.
It is a document that you will need to refer to during the implementation of whatever planned work you are undertaking. A DPIA ensures the protection of the personal data, and it also protects your organisation from fines and reputational damage.
A DPIA is an integral part of all projects we undertake for our customers. Contact us today to discuss how we can help you to perform a fully compliant DPIA.
The following government and industry standard sites contain resources that will help you understand what you need to do to ensure your business is compliant with data protection rules and ready to respond to any data breach you may suffer in the future.
Information Commissioner's Office
PCI Security Standards Council