For many new businesses, celebrating a happy third birthday is a key milestone. However, reaching three years is not easy to achieve. This week we celebrated our third birthday and we had the opportunity to sit and discuss what we did well and also what we did wrong....
Archives
ISO
ISO 27001 and GDPR Compliance
Anyone struggling with the EU GDPR (General Data Protection Regulation) should look no further than ISO 27001. It’s the international standard for information security. The ISO 27001 framework is close enough to the Regulation’s that many experts consider it a perfect...
GDPR Risk Assessments
Your business is required to comply with the GDPR (General Data Protection Regulation). Therefore you are obliged to conduct regular GDPR risk assessments. This isn’t just because the Regulation says that you should. Risk assessments are essential for...
DPIA (Data Protection Impact Assessment)
DPIA (data protection impact assessment) is a type of risk assessment designed to identify the risks affecting the security of personal data. A DPIA will help you understand the likely consequences of processing such data. Understanding what a DPIA is is all part...
What is an Information Security Policy?
It is well known that your people are the weakest part of your business security defences. You can spend a great deal of time designing processes to protect your business. You can then invest in state-of-the-art technology to detect threats. However, these will only...
The Age Appropriate Design Code
The Children's Code The Children’s Code (or Age Appropriate Design Code to give its proper title) is a data protection code of practice for online services. This includes apps, online games, and web and social media sites that are likely to be accessed by...
Nursing home fined
Nursing home fined for a data breach after a laptop with residents' details is stolen A nursing home in County Antrim has been fined £15,000 for failing to adequately protect sensitive data about its staff and residents. This story is a look back in history but...
UK firms face high compliance costs
British firms face a bill of up to £1.6 billion if the UK government fails to win an EU adequacy decision. The decision, if granted, would allow dataflows to continue as normal. This was revealed by a new report published on Monday last (23rd November 2020). UK firms...
ISO 27701 Readiness Assessment
Getting ready for an ISO 27701 certification with our readiness assessment, the new standard for Privacy Information Management ISO/IEC 27701 is the new international “gold standard” for privacy management. It is the companion standard for ISO 27001, the...
GDPR and the lawful bases for processing
The GDPR states that you must identify a lawful basis before processing personal data. But what is a lawful basis for processing? Do you always need individuals’ consent to process their data? And what exactly are ‘legitimate interests’? You must understand your GDPR...
Rights under the GDPR
What are the data subject rights under the GDPR? The EU GDPR (General Data Protection Regulation) gives individuals eight rights relating to their personal data. You must let individuals know how they can exercise these rights, and meet requests promptly....
ISO 27701 – are you privacy ready?
ISO/IEC 27701 is the international standard for privacy information management systems and is a companion standard for ISO 27001. ISO/IEC 27701 enables organisations to demonstrate compliance with all applicable privacy regulations, including the GDPR and the Data...
Managing for health and safety (HSG65)
This revised edition of one of HSE’s most popular guides is mainly for leaders, owners and line managers. It will particularly help those who need to put in place or oversee their organisation’s health and safety arrangements. The advice may also help workers...
ISO 9001 Quality Management
What is ISO 9001? Quality Management Systems (QMS) explained Companies and organisations are now expected to prove competency across an increasing number of disciplines in order to win contracts in both the private and public sector. A quality management system (QMS)...
ISO 27701 Privacy Information Management
ISO 27001 is the well recognised international standard for information security. A companion standard has now been added, this is ISO 27701. This page is a brief introduction to ISO 27701. It is the standard for Privacy Information Management. This page will discuss...
ISO 9001 Services
ISO 9001 is an ISO standard that seems out the criteria for quality management systems (QMS). This standard is based on a number of quality management principles including a strong customer focus, motivation and implication of top management, the process...
ISO 45001 Services
ISO 45001 is an ISO standard for management systems of occupational health and safety (OH&S), published in March of 2018. The goal of ISO 45001 is the reduction of occupational injuries and diseases, including promoting and protecting physical and mental...
ISO 45001
ISO 45001 is the international standard for occupational health and safety at work developed by the International Standards Organisation that are independent of government. Introduced in March 2018, the new standard replaces the current standard (BS OHSAS 18001) which...