08 May 2018

EU data protection rules just around the corner

EU data protection rules just around the corner

We’re just weeks away from the biggest shake-up in personal data protection legislation for decades. Stringent new EU rules affecting all UK businesses and organisations – whether we ‘brexit’ or not – kick in for real on May 25 this year.

Not only that but the UK government is under pressure to push through the UK’s own new Data Protection Bill (now due for its final Commons reading) before that date.

The resulting Act will enshrine the EU’s General Data Protection Regulation rules (GDPR) within British law and give our own Information Commissioner’s Office increased power to investigate and possibly penalise any organisation or business unable to show they have made all possible efforts to comply.

Try the IASME certification route for GDPR compliance

As a result, the Assign-IT team has been working flat out supporting an increasing number of organisations and businesses anxious to raise their data protection levels as high as possible. Come to us and we can offer you a choice of routes to comply:

  1. IASME, a nationally recognised, independent information security management standard that includes all  the requirements of the GDPR and general data protection standards. We can get you up to scratch and then, as Hertfordshire’s first official IASME certification body, certify you as well.
  2. Our ongoing managed IT support service, which includes our recommendations to clients that fully reflect GDPR requirements. The service ensures our clients meet and maintain full GDPR compliance, using the IASME framework. This approach caters particularly for companies considering all-encompassing ISO accreditation (which does not include GDPR compliance).Our support service also ensures all our clients meet the minimum Cyber Essentials standards (which cover technical controls).
The shadowy threat of a cyber ‘cold war’

Of course, cyber security issues and the threat of a potential cyber ‘cold war’ have focused business minds on data protection and implementing a composite  layered approach to cybersecurity with the aim of building up all-round security.

Alongside IASME, Assign-IT is also an official certification body for the government-backed cybersecurity standard, Cyber Essentials, designed to protect all electronically held company information against external cyber threats. We advise clients on meeting the required standard, guide them through a self-assessment document they have to complete and then, if all criteria are met, provide certification for them.

But we’ve been deluged recently by many clients asking us to take them through the more advanced Cyber Essentials Plus standard that requires us – via internal and external vulnerability and penetration scanning and other exhaustive checks – to verify that their previous self-assessment is accurate.

Keep out – no phishing

One exciting development we are advising on is a new email-validation system designed to detect and prevent email spoofing, which we have recently enabled on our own company email systems. It’s easy to set up and aims to combat certain techniques often used in phishing and email spamming, such as emails with forged sender addresses that appear to originate from legitimate addresses.

With the rapid spread of identify fraud and phishing attacks, DMARC (domain-based message authentication, reporting and conformance, for short!) is now being adopted by industry and across all government and healthcare sectors.

Last but not so welcome is a proposed hike in the annual fees you pay if registered with the Information Commissioner’s Office (ICO). Instead of paying a flat £25 a year across the board, the following charges could soon apply:

  • companies with a maximum turnover of £632,000 or employing up to 10 staff £40 pa
  • Maximum turnover of £36m or up to 250 staff  £60 pa
  • turnover of more than £36m £2,900 pa
  • all charities (if not exempted) regardless of turnover and size  £40 pa

Don’t say we didn’t warn you . . .