25 03, 2024

Why Small Businesses Can’t Ignore Data Protection and Information Security

Many small business owners think they are too small to be a target for cyber criminals, but the truth is that companies of all sizes face major risks from data breaches and a lack of information security procedures. Failure to properly secure customer data can result in severe penalties, legal liability, and a devastating loss of customer trust. The Devastating Impact for One Small Retailer: We took a call this week from a [...]

11 03, 2024

How do I know my Small Business is GDPR compliant?

All small businesses collect personal information as part of operating. This may be information about customers, suppliers, staff and so on, and as a result you need to comply with data protection legislation. Failure to do so can have significant consequences, including loss of reputation, loss of income and, if there is a serious non-compliance issue, a significant fine. Here are some of the things your small [...]

4 03, 2024

Pseudo-anonymisation vs Anonymisation: What’s the Difference?

"Pseudo-anonymisation vs Anonymisation: What's the Difference?" is a question we were asked this week. When handling personal data, there are two main methods for de-identifying individuals: pseudo-anonymisation and anonymisation. But what exactly do these terms mean, and how do they differ? Pseudo-anonymisation refers to replacing direct identifiers (like names) with indirect ones (like numbers). So in a pseudo-anonymised list, each individual is still assigned a unique code, but this can be mapped back [...]

26 02, 2024

How long should I keep staff records?

"How long should I keep staff records?" is a question we are frequently asked. The answer is not straightforward, as you have to consider both current and former staff and the type of records being maintained. Data protection legislation, including GDPR, sets out that you should not retain information for longer than necessary, but you also need to consider the prospect of a legal or insurance claim and therefore retain the documents [...]

13 02, 2024

Market Research and Security Questionnaires

Market Research and Working Internationally: Security Questionnaires. When a small market research agency is looking to work with large multinational corporations, one of the hurdles you may encounter is completing their procurement and security questionnaires for third-party vendors. These detailed questionnaires allow corporations to assess potential vendors, partners, and agencies across areas like data security, privacy practices, and more. When working with large corporates who have dedicated legal and procurement teams, these [...]

23 01, 2024

Bring Your Own Device (BYOD) – The risks and rewards

Bring Your Own Device (BYOD) is a popular policy where employees use personal devices for work. This typically means using personal smartphones or laptops to access company systems and data. While convenient, BYOD introduces cybersecurity risks that organisations must address. Failure to secure personal devices puts sensitive company information at risk. When employees access internal systems on insecure devices outside the corporate network, businesses lose control of that data. Without proper BYOD policies and [...]

30 08, 2023

What is the difference between encryption and password protection?

In discussions about information security and data protection, the notion of password protection often arises as a perceived safeguard. However, the effectiveness of this method hinges on the nature and complexity of the password being used and the sensitivity of the information being protected. Distinguishing between encryption and password protection is crucial. Imagine your data as valuables stored within a secure box. Password protection means locking this box with a password; the password is [...]

16 07, 2023

Sending an email to the wrong person is one of the most common data breaches

Sending an email to the wrong person is one of the most common data breaches. It’s also usually down to human error: someone is under time pressure, trying to do more than one thing at once, or not familiar with the software. This happened to one of my clients the other day; they rang me to say they had sent a report about one of their clients to one of their other [...]

25 06, 2023

What’s the difference between GDPR and Data Protection?

"What is the difference between GDPR and Data Protection?" is a question I was asked the other day. It can be very confusing, as we use the term GDPR regularly to describe a piece of legislation we need to adhere to. GDPR stands for the General Data Protection Regulation. It’s the Europe-wide legislation brought in in 2018 that created a tsunami of changes to the way businesses collect, store and destroy personal information. In [...]

19 04, 2023

Procurement Questionnaires

Procurement, due diligence or security questionnaires, whatever you want to call them, are becoming far more common, and businesses we work with who haven't had them before are starting to get them. We work quite widely in the security sector, and our clients there have started getting them from other companies that they work with. Generally, the questionnaires are based on the International Standard ISO27001. The questions can be phrased strangely and be difficult to understand [...]

12 04, 2023

Data Breach – Don’t make it complicated

Let me tell you about a recent incident with one of our clients. So, they had a bit of a hiccup and this led to a data breach. But it was a small data breach, with one person’s information incorrectly shared with another individual. Apparently, someone accidentally emailed the information to the wrong person. A common mistake. But when we sat down to discuss what had happened, they were ready to overhaul their entire [...]

28 02, 2023

A daily Absence report causing Problems

Usually we work with companies, but occasionally an individual will contact us asking for advice. This happened last week when an individual wanted to know if the company they were working for could send the daily emails about absences. The emails look something like this: [image: Absences Email]. As you can see, it shows who is absent and why. These emails are produced daily, so could give a history of absences. Also, is it appropriate [...]

14 02, 2023

What is special category data?

Special category data is personal information that needs more protection because it is considered sensitive under data protection legislation. There are nine special categories of personal information. They are information that relates to:

- race, racial and ethnic origin;
- political opinions;
- religious or philosophical beliefs;
- trade union membership;
- genetic data;
- biometric data such as fingerprints or eye scans, but only where it is being used for identification purposes;
- health information;
[...]

17 01, 2023

What is your password policy and is it effective?

Frequent password changes are one of the things many organisations advocate and actively manage by expiring a password so that it has to be replaced. We are helping a client obtain Cyber Essentials certification and have been looking at the National Cyber Security Centre (NCSC) website, which has a different viewpoint on passwords. Password changes are designed to limit the harm that comes from an [...]

10 01, 2023

How long do you have to respond to a Subject Access Request?

Two days before Christmas we had a call to the helpline about a Subject Access Request. A company had received a request and the requestor had said that they had 14 days to respond and provide the information. Obviously with all the Christmas and New Year bank holidays, the company were panicking about responding within 14 days. Firstly, the response time for a subject access request is one calendar month. The person making the [...]

16 05, 2022

Legitimate interest as a lawful basis is not an excuse to market to everyone.

This week, through the helpline, we had a call from a company who had used legitimate interests to scrape email addresses from the web and then send them marketing information. They explained that marketing emails were in their interests and in the interests of the person emailed, so that recipients could place their services and goods on the caller’s platform for sale. There are very specific rules about email marketing, both in data protection legislation and [...]

30 04, 2022

Email Marketing – Do I need a tickbox?

Back to basics: email marketing. Over the last couple of weeks we've been looking at some email marketing signup forms. It's quite interesting when an organisation decides to put in a tick box, although sometimes it's the software that has a tick box you cannot remove. When someone is signing up for your email marketing list, you might create a form where they can insert their email address and there's a tick [...]

18 04, 2022

Are your suppliers protecting your business information?

We find clients don't often think about supplier risk. Currently we're working with a company to implement ISO27001 and, as part of that process, we are checking their suppliers for information security standards, GDPR compliance and so on. To check suppliers for compliance, we needed a list of the suppliers, and this particular company has outsourced its finance function to an accountancy firm. We asked the accountants to provide a list of the suppliers [...]
