Data retention is an important part of your GDPR compliance. When did you last review your data retention? What you’re keeping and for how long? And of course, why? With new employment laws now enforced, the times for which you can hold employee data and former...
Archives
Blog
Application of Legitimate Interests
The European Data Protection Board has published an analysis by TJ McIntyre, one of their panel of experts, about legitimate interests, looking back at many cases where controllers have fallen foul of the GDPR by not applying it properly. It’s long and detailed,...
Why is ISO 27001 Compliance Now More Important Than Ever?
For years, ISO 27001 has been recognised as the gold standard for information security management, guiding organisations in safeguarding their data assets against ever-growing risks. But have you ever wondered where ISO 27001 originated? How...
DSPT Update
The DSPT has had major updates for this year. The submission deadline is 30th June 2026, and you are advised to take note of the following. The outcomes and assertions of the DSPT which must be included in a 25-26 DSPT Audit for NHS Trusts, ICBs, ALBs, CSU,...
Cyber Essentials – the Danzell Update
Each year, the Cyber Essentials scheme is revised to ensure it remains relevant to the current threat landscape. This blog provides a summary of what’s new for 2026. We also detail how this year’s changes to the scheme affect your Cyber Essentials/Cyber Essentials...
The Cyber Threat
Internet connectivity brings great benefits. However, this is also exploited by those wishing to cause harm. It is important to identify those threats and help protect your business. Your prosperity depends on the internet. In an increasingly inter-connected world,...
Data Subject Access Requests – are you being responsive?
If you are not keeping up with your DSARs, you are not alone. Last week, the Information Commissioner's Office issued an enforcement notice to Bristol City Council for failing to respond to hundreds of Data Subject Access Requests (DSARs). Some of these DSARs dated...
Don’t Let a Website Hack Damage Your Online Reputation
Whether you are a sole trader, a small business owner or a large corporation, your website is at risk of being hacked at any time, if it isn't properly maintained. In our latest blog post, we take a look at a local cleaning company whose website was compromised last...
Securing Your Website: A Guide for WordPress Users
Powering over 43% of the World Wide Web, WordPress is one of the world’s most popular content management systems (CMS). Despite its popularity, thousands of WordPress sites are compromised every day. Why? Not because WordPress itself is insecure, but because these...
Significant Amount of Data Stolen in Legal Aid Cyber Attack
Over 2 million pieces of data of domestic abuse victims were downloaded from the Legal Aid Agency's online system. The Ministry of Justice reported that the hack was initially identified on 23 April 2025, but the extent of the attack was not known until 16 May 2025....
Developing a Strong Website Security Strategy
As a business owner, you probably own and manage a website; it’s central to your online presence, and a crucial platform for making sales and growing a business. But have you thought about the security implications of your website? Just like any other system, emails,...
How AI Was Used in an Advanced Phishing Campaign Targeting Gmail Users
Our friends at Malwarebytes have reported the use of AI in Gmail attacks. In May 2024, the FBI warned about the increasing threat of cybercriminals using artificial intelligence (AI) in their scams. At the time, FBI Special Agent in Charge, Robert Tripp, said:...
DSPT: Why Care Providers Need to Comply
Establishing Best Practices in Data Security and Patient Trust: The Data Security and Protection Toolkit (DSPT) is a critical framework designed to ensure that care providers, including those in the health and social care sectors, adhere to stringent data security...
Navigating the UK GDPR: What Business Owners Need to Know
An Overview of the General Data Protection Regulation (GDPR). Introduction: The General Data Protection Regulation (GDPR) is a regulatory framework enacted by the European Union (EU) in 2018 to protect individuals' personal data and privacy. Since it came into effect,...
How Cyber Threat Intelligence Enhances DORA Compliance Efforts
Financial institutions and their critical suppliers rely on information and communication technology (ICT) to operate. Persistent targeting by cyber attackers means that potential cyber security threats are a greater concern than ever. New regulations like the Digital...
ESA’s 2nd Batch Publication
The three European Supervisory Authorities (EBA, EIOPA, and ESMA – the ESAs) have published a second batch of policy products under the Digital Operational Resilience Act (DORA). This batch consists of four final draft regulatory technical standards (RTS), one set of...
GDPR Compliance: A Critical Checklist for Businesses in 2024
Are you confident that your business is fully GDPR compliant? With the General Data Protection Regulation (GDPR) in full effect, ensuring compliance is non-negotiable for businesses handling the personal data of EU citizens. Failure to adhere to GDPR principles can...
Creating an AI Policy
Are you considering integrating AI into your business? Are you not sure where to start, or how to navigate the challenges? Fear not, you are not alone. That statement is not helpful, I know, but don’t worry, we are very helpful indeed! Many organisations...













