11 03, 2024

How do I know my Small Business is GDPR compliant?

All small businesses collect personal information as part of operating. This may be customers' information, suppliers, staff etc., so as a result you need to comply with data protection legislation. Failure to do so can have significant consequences including loss of reputation, loss of income and, if there is a serious non-compliance issue, a significant fine. Here are some of the things your small [...]

18 04, 2022

Are your suppliers protecting your business information?

We find clients don't often think about supplier risk. Currently we're working with a company to implement ISO27001 and as part of that process, we are checking their suppliers for information security standards and GDPR etc. As part of checking suppliers for compliance, we needed a list of the suppliers and this particular company have outsourced their finance function to an accountancy firm. We asked the accountants to provide a list of the suppliers [...]

27 04, 2021

Procurement Questionnaires and how to respond

It has been a busy few weeks helping organisations who work with large corporates respond to procurement and security questionnaires. The questionnaires have all sorts of names: assurance, security, procurement, information security, data protection etc. They are all effectively trying to achieve the same thing, assurance about the security surrounding the information you are working with. They are becoming more frequently requested as part of working with larger organisations. In the last few weeks, [...]

1 03, 2021

GDPR Basics 1 – I’ve read the information on the ICO website and I’m still confused

“I’ve read the information on the ICO website and I’m still confused.” We hear this so often through our helpline. It’s not the fault of the ICO website; they are trying to meet the needs of all organisations from big to small, complex to simple, and it just doesn’t provide the level of advice that someone needs sometimes. Also, the language can be confusing and frequently organisations struggle to understand the implications for their [...]

12 01, 2021

Data Subject Access Requests (DSAR)

We’ve had a flurry of requests for support for subject access requests in the last few weeks. This is because of the redundancies being made by organisations and the changing job market. Don’t think that only large organisations get Subject Access Requests; we have recently helped an organisation with only one employee to respond to a Subject Access Request. The most recent ones have been slightly larger organisations and there has been a common theme [...]

4 05, 2020

Security Questionnaires and how to respond

Recently with many organisations working from home, we have seen increased scrutiny happening for organisations managing information on behalf of other organisations. One of our clients is an international market research company. They work with large corporates throughout the world providing insight on new ideas and services. For the first time ever, they have received a security questionnaire from their biggest client. What we mean when we say security questionnaire is a form asking [...]

20 01, 2020

Should I be registered with the ICO?

Do you need to register with the Information Commissioner's Office (ICO)? The ICO is the supervisory body for the UK with regard to data protection matters. Under the old Data Protection Act the ICO had a list of Data Controllers. The need to maintain a list of Data Controllers disappeared with GDPR, but in order to fund the ICO, a bill was passed which means that the ICO maintains a register of fee payers. [...]

6 01, 2020

Start Up Small Business Challenges

Let's face it, GDPR is not top of a start-up business's initial concerns. It comes a bit down the list of priorities after marketing, getting clients, making a profit and potentially having the right insurance in place. GDPR is a challenge for any small business. There is not usually the knowledge or expertise to understand the requirements. Sometimes there is not even the drive to understand what needs to be in place. It's all [...]

10 11, 2019

Email data breaches – Easily avoided

It's happened again. One of the most common data breaches and one which is easily avoided has happened to West Berkshire Council. So what happened? Someone sent an email to 1,107 people about a leisure centre survey and didn't hide the email addresses. As a result, everyone getting the email could see who else it had been sent to. It's really disappointing when these types of data breaches occur as they could so easily [...]

8 10, 2017

What is GDPR?

This is a question which I frequently hear, and often extending it to its full name of the General Data Protection Regulation doesn't prove any more enlightening to the person asking the question. GDPR is the regulation agreed by the European Community as the standard that should be in place across the EU when handling a person's information. It's the replacement for the European directive that became the Data Protection Act. Simply put, GDPR [...]
