15 04, 2024

Boosting Awareness: A Guide to Effective GDPR and Information Security Activities

As a business owner, you're well aware of the importance of GDPR compliance and information security. However, maintaining awareness among your staff can be a challenge. It needs to be something that is memorable, educational, cost-effective and engaging, which is not a short list! I have set out below some different activities you could try to help raise awareness effectively. 1. Regular Training Sessions One of the most effective ways to instill good data protection [...]

8 04, 2024

Ongoing Awareness Activities: Your Key to Promoting Good GDPR and Information Security Practices

As a small business owner, you may be juggling multiple hats and responsibilities. Among these, ensuring the security and integrity of your business's data, especially under the General Data Protection Regulation (GDPR), is crucial. Ongoing awareness activities support increased knowledge and reduce the risk of data breaches and can not only enhance your business's data protection practices but provide a host of additional benefits too. 1. Ensuring Compliance with GDPR GDPR compliance is not [...]

1 04, 2024

The Role of Cyber Security in Protecting Your Small Business Data

As a small business owner, you understand that your data is one of your most valuable assets. It's the lifeblood of your operations, key to your growth strategy, and often, the base to build relationships with customers. But in an increasingly digital world, this data is under relentless attack. That's where cyber security steps in. Cyber security is not just a buzzword. It's a necessity for businesses of all sizes, especially for small businesses [...]

25 03, 2024

Why Small Businesses Can’t Ignore Data Protection and Information Security

Many small business owners think they are too small to be a target for cyber criminals, but the truth is that companies of all sizes face major risks when it comes to data breaches and a lack of information security procedures. Failure to properly secure customer data can result in severe penalties, legal liability, and a devastating loss of customer trust. The Devastating Impact for One Small Retailer We took a call this week from a [...]

11 03, 2024

How do I know my Small Business is GDPR compliant?

How Do I Know my Small Business is GDPR Compliant? All small businesses collect personal information as part of operating. This may be information about customers, suppliers, staff, etc., so as a result you need to comply with data protection legislation. Failure to do so can have significant consequences, including loss of reputation, loss of income and, if there is a serious non-compliance issue, a significant fine. Here are some of the things your small [...]

4 03, 2024

Pseudo-anonymisation vs Anonymisation: What’s the Difference?

"Pseudo-anonymisation vs Anonymisation: What's the Difference?" is a question we were asked this week. When handling personal data, there are two main methods for de-identifying individuals: pseudo-anonymisation and anonymisation. But what exactly do these terms mean and how do they differ? Pseudo-anonymisation refers to replacing direct identifiers (like names) with indirect ones (like numbers). So in a pseudo-anonymised list, each individual is still assigned a unique code, but this can be mapped back [...]

26 02, 2024

How long should I keep staff records?

"How long should I keep staff records?" is a question we are frequently asked. The answer is not straightforward, as you have to consider current staff and previous staff and the type of records that are being maintained. Data protection legislation, including GDPR, sets out that you should not retain information for longer than necessary, but you also need to consider the prospect of a legal or insurance claim and therefore retain the documents [...]

13 02, 2024

Market Research and Security Questionnaires

Market Research and Working Internationally - Security Questionnaires When a small market research agency is looking to work with large multinational corporations, one of the hurdles you may encounter is completing their procurement and security questionnaires for third-party vendors. These detailed questionnaires allow corporations to assess potential vendors, partners, and agencies across areas like data security, privacy practices, and more. When working with large corporates who have dedicated legal and procurement teams, these [...]

23 01, 2024

Bring Your Own Device (BYOD) – The risks and rewards

Bring Your Own Device (BYOD) is a popular policy where employees use personal devices for work. This typically means using personal smartphones or laptops to access company systems and data. While convenient, BYOD introduces cybersecurity risks that organisations must address. Failure to secure personal devices puts sensitive company information at risk. When employees access internal systems on insecure devices outside the corporate network, businesses lose control of that data. Without proper BYOD policies and [...]

30 08, 2023

What is the difference between encryption and password protection?

In discussions about information security and data protection, the notion of password protection often arises as a perceived safeguard. However, the effectiveness of this method hinges on the nature and complexity of the password being used and the sensitivity of the information being protected. Distinguishing between encryption and password protection is crucial. Imagine your data as valuables stored within a secure box. Password protection means locking this box with a password; the password is [...]

16 07, 2023

Sending an email to the wrong person is one of the most common data breaches

Sending an email to the wrong person is one of the most common data breaches. It’s also usually down to human error, typically because someone is under time pressure, trying to do more than one thing at once, or not familiar with the software. This happened to one of my clients the other day; they rang me to say they had sent a report about one of their clients to one of their other [...]

25 06, 2023

What’s the difference between GDPR and Data Protection?

"What is the difference between GDPR and Data Protection?" is a question I asked the other day. It can be very confusing, as we use the term GDPR regularly to describe a piece of legislation we need to adhere to. GDPR stands for the General Data Protection Regulation. It’s the Europe-wide legislation brought in in 2018 that created a tsunami of changes to the way businesses collect, store and destroy personal information. In [...]

19 04, 2023

Procurement Questionnaires

Procurement, due diligence or security questionnaires, whatever you want to call them, are becoming far more common, and businesses we work with who haven't had them before are starting to get them. We work quite widely in the security sector, and clients there have started getting them from other companies that they work with. Generally, the questionnaires are based on the international standard ISO 27001. The questions can be phrased strangely and be difficult to understand [...]

12 04, 2023

Data Breach – Don’t make it complicated

Let me tell you about a recent incident with one of our clients. So, they had a bit of a hiccup and this led to a data breach. But it was a small data breach, with one person’s information incorrectly shared with another individual. Apparently, someone accidentally emailed the information to the wrong person. A common mistake. But when we sat down to discuss what had happened, they were ready to overhaul their entire [...]

28 02, 2023

A Daily Absence Report Causing Problems

Usually we work with companies, but occasionally an individual will contact us asking for advice. This happened last week when an individual wanted to know if the company they were working for could send the daily emails about absences. The emails look something like this: [image: Absences Email] As you can see, it shows who is absent and why. These emails are produced daily, so could give a history of absences. Also, is it appropriate [...]

14 02, 2023

What is special category data?

Special category data is personal information that needs more protection because it is considered sensitive under data protection legislation. There are nine special categories of personal information. They are information that relates to: - race, racial and ethnic origin; - political opinions; - religious or philosophical beliefs; - trade union membership; - genetic data; - biometric data such as fingerprints and eye scans, but only where it's being used for identification purposes; - health information; [...]

17 01, 2023

What is your password policy and is it effective?

What is your password policy and is it effective? Frequent password changes are one of the things many organisations advocate and actively manage by expiring a password so that it has to be replaced. We are helping a client obtain Cyber Essentials certification and have been looking at the National Cyber Security Centre (NCSC) website, which has a different viewpoint on passwords. Password changes are designed to limit the harm that comes from an [...]

10 01, 2023

How long do you have to respond to a Subject Access Request?

Two days before Christmas we had a call to the helpline about a Subject Access Request. A company had received a request, and the requestor had said that they had 14 days to respond and provide the information. Obviously, with all the Christmas and New Year bank holidays, the company were panicking about responding within 14 days. Firstly, the response time for a subject access request is one calendar month. The person making the [...]