who is responsible for GDPR

Who Is Responsible For GDPR?

00Business Risk, Cyber Security, GDPR, Supply Chain Risk

Just who is responsible for GDPR in a company?… Everyone starting at board level down…

GDPR In The Press

There was a flurry of press coverage, interviews, radio and TV coverage recently as the ICO began their campaign to make businesses and other organisations aware that there is now less than 200 working days until the EU General Data Protection Regulation (EU GDPR) and the new UK Data Protection Act become law on the 25th May 2018.

But here at Risk Evolves HQ we sighed with frustration and gnashed our teeth that the wonderful BBC continue to report this as a technology story.

Once more the responsibility for all things data related is expected to fall on the shoulders of the much maligned IT Department / Provider. As we have highlighted previously, the entire organisation has a responsibility.

Who Will Be Affected By GDPR?

The EU GDPR will touch every aspect of the organisation and it is important that organisations begin to work on a strategy now. And we very deliberately say ‘organisation’ as the new laws apply to all organisations – commercial, public sector, charities, not for profit, education, SME’s, sole traders – you name it, it is likely to affect you. In brief, anyone who collects and processes data, regardless of organisations sector and size. And regardless of whether it’s digital (ie. on a computer) or on paper.

The EU General Data Protection Regulation (EU GDPR) and the new UK Data Protection Act become law on the 25th May 2018.

The golden rule – if you have data that can identify an individual, then the data is personal. This could be through name, address, IP address, finger print etc. Personal information needs to be treated and respected in the same way as any other company asset. With care and respect, protecting it from damage or theft.

 

Why is GDPR more than just an IT Manager’s Issue?

  • Human Resources / Personnel : they should manage starters and leavers to the organisation, ensuring that new starter information is correctly managed, that employment contracts and induction programmes  make individuals aware of their responsibility to manage data as an asset. They may need to gain consent from the individual for DBS checks, DVLA checks and gain authorisation to process data for payroll, reassuring them that it will not be misused. If you provide information to pension providers, or companies that provide health care benefits, are their systems secure ? What are they doing as data processors to protect individuals information?
  • Training : the on-going education and training of staff to ensure that they understand how data can and cannot be managed. This needs to include information on what to do if they think that they have lost data
  • Procurement : they should ensure that any 3rd parties who may be used to process data follow the same ethos, that the data is protected, not shared with others, and that only the information that is required is passed to them. Equally, if they lose data, suffer a ransomware attack or suspect that their systems have been compromised,, how will this be communicated to you as the data controller ? And if you have outsourced your IT, does the provider have the correct processes and systems in place to manage your data securely ?
  • Legal : are the contracts that are in place with Customers and suppliers robust enough in the new era ?
  • Marketing : similar to the current legislation, marketing has to change to ensure that customers who have positively opted in to mail (both online and postal) campaigns receive emails,
  • Security : is the office and other premises secure ? How is physical data (ie. paper, old laptops etc) destroyed ?

…. The list goes on ..

Management NEED To Take Ownership Of GDPR

However, absolutely key, the management team need to demonstrate to customers and employees that they are serious about the new legislation by taking ownership for ensuring the resources are available to support. This responsibility cannot be abdicated, and in some instances, they will need to assign the role of  Data Protection Officer to an individual who can join them at Board level.

This is clearly not solely a technology challenge !  It is possible to avoid the over reported threat of fines by taking some straight forward and pragmatic steps now.

We understand that these changes all sound daunting, regardless of the size, sector or turnover of your organisation. However, help is at hand. Contact us to find out how the new legislation and regulations apply to your organisation, and for information on our no nonsense approach to becoming compliant.

Contact Us Now

 

NHS ransomware

NHS Cyber Attack

10Cyber Attack, Cyber Security, Latest news, Ransomware

What is the NHS Cyber Attack?

Today (12th May 2017) news broke of a massive NHS Cyber Attack that has had catastrophic impact on our NHS, leading to a major incident being declared.

Operations have been delayed or cancelled, patients have delayed being discharged from or admitted to hospital, prescriptions have not been issued, A&E has been disrupted … the impact of the NHS cyber attacks continue and sadly there is a real risk that lives may be jeopardised.

Was the NHS Cyber Attack targeted?

According to the BBC News, the attack does not appear to have been limited to the UK with 70+ other countries impacted. A major ransomware attack has unfolded, impacting thousands of users.

More info

business risks are vital

The 4 Essential Business Risks For Every Business Owner Must Know

00Business Resilience, Business Risk, ISO9001, Risk Education, Risk Management

The 4 Essential Business Risks Every Business Owner Must Know

Whether you are an SME or an international corporation, you will have been and are exposed to business risks on a daily basis. Unfortunately, no business is immune regardless of its size or industry presence. Risks and issues come in many forms including Financial, Operational, Supply Chain and Cyber. Each type of risk or issue is as detrimental to a business as the others.

The word risk seems to be becoming commonplace in our daily conversations both in and out of the office. The concept of risks and issues can seem confusing and these terms often used interchangeably. Those in the know are guilty of assuming that people know what risks and issues are and how much they can impact a business.

More info

Complying To GDPR

What Are The Consequences Of Not Complying To GDPR?

00Business Risk, Cyber Attack, Cyber Security, Data breach, GDPR, IASME, ISO27001, Latest news, Risk Education, Risk Management

So what are the consequences of not complying to the EU General Data Protection Regulations ?

I recently wrote a blog ‘What is GDPR and why do you need it?’ to highlight the real meaning behind why data protection is changing.

What Are The Consequences Of Not Complying To The GDPR?

The UK Government and Information Commissioners Office (ICO) have declared that no new legislation will be introduced to cover the growing threat of cybercrime as this is a business owner responsibility to address.

What they will enforce though is legislation about the use of data… If data is protected then at least any cyber-attacks will mean that personal data is (or should be) protected and safe.

What Are The GDPR Fines Or Punishment?

So the focus is on the GDPR and the penalties for non-compliance are eye watering

  • Infringement of Articles 5, 6, 7 and 9 carries a penalty fine of up to €20M or up to 4% of total global revenue of the preceding year, whichever is greater.
  • Infringement of Articles 8,11, 25-39, 42 and 43 carries a penalty fine of up to €10M or up to 2% of total global revenue of the preceding year, whichever is greater

In summary, we know that the GDPR is coming, that it will become law in May 2018, that it is important, that it should not be ignored and that there will be some pain if we fall short.

You need to comply to the GDPR so the question is…

More info

GDPR the new legislation

What is GDPR and why do you need it?

00Business Risk, Cyber Security, Data breach, GDPR

Why Do We Need the EU GDPR?

The European Union General Data Protection Regulations (or EU GDPR for short) is the update to the current UK Data Protection Act. It will impact all business and how we deal with data online.

Current Data Protection legislation was launched in 1998 and has improved the way businesses control our personal or sensitive data.

Increasingly if you are like me, you find yourself questioning on a daily basis, why more and more people are able to gain my details and send me junk mail and spam, or monitor my activity on websites.

How is this possible if I have ticked the TPA exclusion boxes or put exclusions on my BT line?

The fact is that data protection requirements were written for a different time, so what was a compliant use and retention of data is now not fit for purpose.

Perhaps the legislation was not unreasonable in 1998…….

Where were you 20 years ago? You may have had a computer with a floppy disk and a processor far less powerful that a mobile device today.

I still have my BBC commodore so can quickly prove this to be true!!

  • There was also no Facebook no Google, no Twitter, Instagram to name a few.
  • An iPad didn’t exist, a tablet was still something prescribed by your doctor.
  • Robotics amounted to watching K-9 on Dr Who!

In fact, everything was different … including control and access to data.

Bring the clock forward to a far more technologically advanced world…

More info

what is skimming

What is skimming?

00Latest news

As you know we’re passionate about the role that people and processes have to play in the fight against cyber crime… But seriously what is skimming?

This week, we had a stark reminder of just how easy it is to be a “victim.”

One of the team was idly flicking through the police feed on Twitter… obviously working hard… well sort of!

The police tweeted the discovery of skimming device on an ATM in the local area.

More info

Cyber Security For Small Business

Small Business Cyber Security

00Cyber Security, Featured news, Supply Chain Risk

There is a dangerous trend emerging in small business cyber security…

So many SMEs like you are working in the belief that “it won’t happen to me..”

But we enter into 2017 you cannot get away from the continued warnings about cyber risk and cyber threats, the amount of information is frightening.

Are you carrying on with known or unknown weaknesses in your businesses systems and processes?

If you know the weaknesses then you only have yourself to blame, but the scariest problem is the weaknesses you don’t know that make you vulnerable to a cyber attack.

The Landscape of Small Business Cyber Security

The landscape for cyber threat is rapidly changing as is the nature of a cyber criminal too.

No longer is it a chancer trying to hack your system because they can.

Now it’s as likely to be an organised professional criminal with multi millions as the prize; and of course the more they gain the better and bigger their cyber and hacking abilities become.

Stats released for 2016/2017 around cyber threats were astonishing and in particular the growth in the last 3 months of the year.

More info

How can i improve my business resilience

6 tips to improve your business resilience in 2017 : A New Year Resolution

00Business Resilience, Business Risk

6 Tips To Improve Your Business Resilience In 2017: A New Year Resolution

Well it’s that time of the year again when we all make promises to ourselves that we will do something different in the new year:

  • join the gym,
  • stop smoking,
  • stop drinking
  • reconnect with friends that we haven’t seen for some time etc.

Here at the Risk Evolves HQ we’ve been discussing the New Years resolutions you should consider for your business.

One things is for sure – 2017 is going to be filled with change…

  • What will the terms of Brexit be when Theresa May invokes Article 50 and how will they impact the UK ?
  • Will inflation in the UK rise as predicted by Mark Carney ?
  • What will the new policies of President-Elect Trump mean for the World ?
  • How will the General Elections to be held in Holland, France and Germany impact Europe ?
  • Will the current peace plan negotiated by Russia for Syria hold?
  • How will the continuing cyber threat impact the UK and the overall global economy ?

Unfortunately, no one has a crystal ball to predict the future…

At Risk Evolves we much prefer to focus on the items that we can influence, and to keep a watch on the things that we can’t. More info

Supply-chain-risk

What is Supply Chain Risk

00Business Risk, Supply Chain Risk

What is supply chain risk?

The phrase ‘supply chain risk’ is one that is now heard in the news with increasing frequency. But what it is, how can it affect small businesses, and what should we do to manage it?

Supply chain risk is a potential risk to damage a business from an unknown problem within the supply chain. Essentially it might not directly be your fault, but you should have had procedures in place to check. Remember it’s always your reputation that could be damaged first.

Supply chain risk in Supermarkets & Fashion

Who can forget the media frenzy when horsemeat was found in frozen products like burgers and lasagne sold by the major supermarket chains. Our trust as the paying public in the organisations who supply these goods changed, driving the supermarkets to change their processes.

Since that  scandal in 2013 the way businesses manage and consider who is in their supply chain has changed. As a direct result, a number of supermarkets were forced to learn lessons on how they interacted with their suppliers. Roll forward to 2015, and a new debate food waste and the fate of ‘wonky vegetables‘ commences.

We are now much more conscious of where our produce has been sourced, the contents and the ethical nature of how it has been produced. More info

The Key Business Risks For 2017

The Key Business Risks For 2017

00Business Risk

The Key Business Risks For 2017 And What You Must Do To Prepare For Them.

The landscape is changing and so are the key business risks for 2017. External business risk is growing at an exponential rate, especially in cyber crime. We look back at some of the greatest business risks of 2016 and predict how these might shape your strategy for 2017.

The Business Life Cycle & Business Risk

businesssaleslifecycleThe risk your business faces will vary depending on where you are in the business life cycle. Undoubtedly you will have faced risk and will have many more business risks impacting your growth.

As Forbes recently mentioned business risk continues to evolve.

What concerned you say 2 or 3 years ago may look very different in 2017. The risk is not just internal but increasingly also from external……….If your business is facing new risks, what are you doing to prevent and or prepare? More info