3 Triggers for Conducting a DPIA

Here’s a funny thing – recital 84 of the EU’s GDPR legislation states “…where processing operations are likely to result in a high risk to the rights and freedoms of natural persons, the controller should be responsible for the carrying-out of a data protection impact assessment…”. Paragraph 1 of Article 35 says pretty much the […]

Personal Data Deletion Done the Right Way

Are you managing personal data deletion correctly under the DPA and GDPR? Does everyone in your organisation know what to delete and when to delete? It might seem like an easy task but many still struggle with this. The deletion of 213,000 UK police records due to incorrectly flagged files for deletion is a good […]

How Much Does an ISO 27001 Certification Cost?

One of the major obstacles for an organisation to achieve ISO 27001 Certification can be with fitting it within their budget. It can seem like a daunting task to gather all the variables that are needed to estimate an ISO 27001 certification cost. So how can you get a ballpark estimate for certification when there […]

Data Protection Steps Required as the Brexit Transition Ends

After 30th December 2020, the Brexit transition period will end. This has implications for the transfer of personally identifiable information (PII) out of the EU/EEA to the UK. To get around this the UK plans to reach an adequacy agreement with the EU so that things can continue pretty much as they are. By incorporating […]

Going Beyond Cyber Essentials Plus Certification

Once you have successfully attained Cyber Essentials Plus (CE+) certification and the celebrations are over, what do you do? Do you just sit back and be happy that CE+ has been achieved or do you build upon it? Well, it all depends on why you undertook to achieve CE+ in the first place. Many companies […]

How to Choose an ISO 27001 Certification Body

Before choosing an ISO certification body for your ISO 27001 certification you need to understand the reasons for obtaining the certificate. Many clients want the ISO certificate to demonstrate to clients and partners that they take information security seriously. Others have requirements for certification to allow them to bid for certain contracts. There are a […]

How to Maintain your ISO Compliance Remotely

In this new business era of virtual working, I have been asked how to maintain your ISO compliance with staff working from home, and while it poses some problems, it’s certainly not difficult. The first thing to remember is that ISO 27001 defines the requirements for the Information Security Management System (ISMS). This ISMS has […]

Mitigate Cyber Security Risks in 2020

If you had a chance to read part 1 of this blog series, you’ll remember that my top 3 risk management predictions for the next six months included: a huge increase in reported data breaches; an increase in COVID-19 related phishing emails; and an increase in targeted ransomware attacks. In this post, I’ll explain how businesses […]

Cyber Security Risk Management Predictions 2020

As we slowly ease out of the lockdown here in the UK, businesses once again have to adapt to changing environments. Some businesses will continue to operate with their staff in a dispersed manner, while others will be looking to open offices and bring their staff back to the workplace. The COVID-19 pandemic means that […]

Risk Crew