15 04, 2024

Boosting Awareness: A Guide to Effective GDPR and Information Security Activities

As a business owner, you're well aware of the importance of GDPR compliance and information security. However, maintaining awareness among your staff can be a challenge. It needs to be memorable, educational, cost-effective and engaging, which is not a short list! I have set out below some different activities you could try to raise awareness effectively. 1. Regular Training Sessions One of the most effective ways to instil good data protection [...]

8 04, 2024

Ongoing Awareness Activities: Your Key to Promoting Good GDPR and Information Security Practices

As a small business owner, you may be juggling multiple hats and responsibilities. Among these, ensuring the security and integrity of your business's data, especially under the General Data Protection Regulation (GDPR), is crucial. Ongoing awareness activities increase staff knowledge and reduce the risk of data breaches; they not only enhance your business's data protection practices but bring a host of additional benefits too. 1. Ensuring Compliance with GDPR GDPR compliance is not [...]

1 04, 2024

The Role of Cyber Security in Protecting Your Small Business Data

As a small business owner, you understand that your data is one of your most valuable assets. It's the lifeblood of your operations, key to your growth strategy and, often, the foundation for building relationships with customers. But in an increasingly digital world, this data is under relentless attack. That's where cyber security steps in. Cyber security is not just a buzzword; it is a necessity for businesses of all sizes, especially small businesses [...]

25 03, 2024

Why Small Businesses Can’t Ignore Data Protection and Information Security

Many small business owners think they are too small to be a target for cyber criminals. The truth is that companies of all sizes face major risks from data breaches and from a lack of information security procedures. Failure to properly secure customer data can result in severe penalties, legal liability and a devastating loss of customer trust. The Devastating Impact for One Small Retailer We took a call this week from a [...]

11 03, 2024

How do I know my Small Business is GDPR compliant?

How Do I Know my Small Business is GDPR Compliant? All small businesses collect personal information as part of operating. This may be information about customers, suppliers, staff and so on, and as a result you need to comply with data protection legislation. Failure to do so can have significant consequences, including loss of reputation, loss of income and, where there is a serious non-compliance issue, a significant fine. Here are some of the things your small [...]

4 03, 2024

Pseudo-anonymisation vs Anonymisation: What’s the Difference?

"Pseudo-anonymisation vs Anonymisation: What's the Difference?" is a question we were asked this week. When handling personal data, there are two main methods for de-identifying individuals: pseudo-anonymisation (the GDPR itself uses the term pseudonymisation, Article 4(5)) and anonymisation. But what exactly do these terms mean and how do they differ? Pseudo-anonymisation refers to replacing direct identifiers (like names) with indirect ones (like numbers). So in a pseudo-anonymised list, each individual is still assigned a unique code, but this can be mapped back [...]
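To make the distinction concrete, here is an added worked example (it is not code from the original post). It pseudonymises a constructed customer list by replacing name and e-mail with a code and keeping the code-to-person mapping in a separate lookup table, then shows that the same data can instead be anonymised by aggregating it so that no per-person row and no mapping exist. The records, postcodes and key are invented; using an HMAC-SHA256 of the e-mail address as the code (rather than the plain sequential numbers the post mentions) and the small-group threshold `k` are this example's own choices.

```python
"""Pseudonymisation versus anonymisation, worked on a constructed customer list.

Added example; not code from the original post. The records, postcodes
and key below are invented for illustration.
"""
import hashlib
import hmac
from collections import Counter

# Constructed sample data: fictional people and conditions.
RECORDS = [
    {"name": "Alice Smith", "email": "alice@example.com", "postcode": "SW1A 1AA", "condition": "asthma"},
    {"name": "Bob Jones", "email": "Bob@Example.com", "postcode": "SW1A 2BB", "condition": "asthma"},
    {"name": "Carol White", "email": "carol@example.com", "postcode": "M1 1AE", "condition": "diabetes"},
]

# Placeholder key for the example only. In a real system the key and the
# lookup table are the "additional information" that must be kept separately
# from the pseudonymised data (GDPR Article 4(5)).
KEY = b"example-pseudonymisation-key-not-a-real-secret"


def pseudonymise(records, key):
    """Replace direct identifiers with a stable code.

    Returns (pseudonymised rows, lookup table). The code is an HMAC-SHA256 of
    the normalised e-mail address, so one person always gets the same code
    for a given key, but the code alone reveals nothing without the key.
    """
    pseudo_rows = []
    lookup = {}
    for rec in records:
        normalised = rec["email"].strip().lower().encode("utf-8")
        code = hmac.new(key, normalised, hashlib.sha256).hexdigest()[:16]
        lookup[code] = {"name": rec["name"], "email": rec["email"]}
        pseudo_rows.append(
            {"id": code, "postcode": rec["postcode"], "condition": rec["condition"]}
        )
    return pseudo_rows, lookup


def reidentify(pseudo_row, lookup):
    """Map a pseudonymised row back to the person.

    Only possible with the lookup table (or the key), which is exactly why
    pseudonymised data is still personal data under the GDPR.
    """
    return lookup.get(pseudo_row["id"])


def anonymise(records, k=2):
    """Aggregate to (postcode area, condition) counts, dropping groups of
    fewer than k people.

    No per-person rows and no lookup table exist, so there is nothing to map
    back; the k threshold guards against groups so small that the single
    person in them is obvious.
    """
    counts = Counter((rec["postcode"].split()[0], rec["condition"]) for rec in records)
    return {group: n for group, n in counts.items() if n >= k}


if __name__ == "__main__":
    rows, table = pseudonymise(RECORDS, KEY)
    print("pseudonymised:", rows)
    print("re-identified first row:", reidentify(rows[0], table))
    print("anonymised (k=2):", anonymise(RECORDS))
```

Two points the code makes that the prose alone does not: the pseudonymised rows are reversible only by whoever holds the lookup table or the key, so they remain personal data and the table must be protected as such; and whether the aggregated output is genuinely anonymous depends on whether anyone could reasonably re-identify a person from it in context, so the threshold `k=2` here is illustrative, not a legal test.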

23 01, 2024

Bring Your Own Device (BYOD) – The risks and rewards

Bring Your Own Device (BYOD) is a popular policy under which employees use personal devices for work. This typically means using personal smartphones or laptops to access company systems and data. While convenient, BYOD introduces cyber security risks that organisations must address. Failure to secure personal devices puts sensitive company information at risk: when employees access internal systems from insecure devices outside the corporate network, the business loses control of that data. Without proper BYOD policies and [...]

16 07, 2023

Sending an email to the wrong person is one of the most common data breaches

Sending an email to the wrong person is one of the most common data breaches. It’s also usually down to human error, typically because someone is time-pressured, trying to do more than one thing at once, or not familiar with the software. This happened to one of my clients the other day: they rang me to say they had sent a report about one of their clients to one of their other [...]

25 06, 2023

What’s the difference between GDPR and Data Protection?

"What is the difference between GDPR and Data Protection?" is a question I was asked the other day. It can be very confusing, as we use the term GDPR regularly to describe a piece of legislation we need to adhere to. GDPR stands for the General Data Protection Regulation. It is the Europe-wide legislation that took effect in 2018 and created a tsunami of changes to the way businesses collect, store and destroy personal information. In [...]

19 04, 2023

Procurement Questionnaires

Procurement, due diligence or security questionnaires, whatever you want to call them, are becoming far more common, and businesses we work with who haven't had them before are starting to receive them. We work quite widely in the security sector, and those clients have started getting them from other companies they work with. Generally, the questionnaires are based on the international standard ISO/IEC 27001. The questions can be phrased strangely and be difficult to understand [...]

12 04, 2023

Data Breach – Don’t make it complicated

Let me tell you about a recent incident with one of our clients. They had a bit of a hiccup, and it led to a data breach. But it was a small data breach: one person’s information incorrectly shared with another individual. Someone had accidentally emailed the information to the wrong person, a common mistake. But when we sat down to discuss what had happened, they were ready to overhaul their entire [...]

28 02, 2023

A Daily Absence Report Causing Problems

Usually we work with companies, but occasionally an individual will contact us asking for advice. This happened last week, when an individual wanted to know whether the company they were working for could send out daily emails about absences. The emails look something like this: [image: example absences email] As you can see, it shows who is absent and why. These emails are produced daily, so they could build up a history of absences. Also, is it appropriate [...]

14 02, 2023

What is special category data?

Special category data is personal information that needs more protection because it is considered sensitive under data protection legislation. There are nine special categories of personal information. They are information that relates to: - race, racial and ethnic origin; - political opinions; - religious or philosophical beliefs; - trade union membership; - genetic data; - biometric data, such as fingerprints or iris scans, but only where it is used for identification purposes; - health information; [...]

17 01, 2023

What is your password policy and is it effective?

What is your password policy and is it effective? Frequent password changes are one of the things many organisations advocate and actively enforce by expiring passwords so that they have to be replaced. We are helping a client obtain Cyber Essentials certification and have been looking at the National Cyber Security Centre (NCSC) website, which takes a different view on passwords. Password changes are designed to limit the harm that comes from an [...]

10 01, 2023

How long do you have to respond to a Subject Access Request?

Two days before Christmas we had a call to the helpline about a Subject Access Request. A company had received a request, and the requester had said that they had 14 days to respond and provide the information. Obviously, with all the Christmas and New Year bank holidays, the company were panicking about responding within 14 days. Firstly, the response time for a subject access request is one calendar month. The person making the [...]

16 05, 2022

Legitimate interest as a lawful basis is not an excuse to market to everyone.

This week, through the helpline, we had a call from a company who had used legitimate interests as the basis for scraping email addresses from the web and then sending marketing information to them. They explained that the marketing emails were in their interests and in the interests of the person emailed, as that person could place their goods and services for sale on the caller’s platform. There are very specific rules about email marketing in both data protection legislation and [...]

30 04, 2022

Email Marketing – Do I need a tickbox?

Back to basics and email marketing. Over the last couple of weeks we've been looking at some email marketing sign-up forms. It's quite interesting when an organisation decides to put in a tick box, although sometimes it is the software that has a tick box you cannot remove. When someone is signing up to your email marketing list, you might create a form where they can enter their email address and there's a tick [...]

18 04, 2022

Are your suppliers protecting your business information?

We find clients don't often think about supplier risk. Currently we're working with a company to implement ISO/IEC 27001 and, as part of that process, we are checking their suppliers for information security standards, GDPR compliance and so on. To check suppliers for compliance we needed a list of them, and this particular company has outsourced its finance function to an accountancy firm. We asked the accountants to provide a list of the suppliers [...]

2 03, 2022

Dealing with special category information related to health

Under data protection legislation, health information is a special category of personal information. This means that additional controls need to be in place before it can be collected and stored. There are a number of special categories, and health information is one of the most commonly used because we collect it through various channels within our businesses. Today, we're just going to focus on those companies that collect it because they deal [...]
