Data Protection and Data Privacy
All-encompassing business solutions
www.itgovernance.co.uk
The data protection regulatory environment
Organisations often store corporate data unprotected.
Personal and sensitive information, such as customer
data and employee records, is vulnerable to data
breaches if not effectively secured. Complex regulatory
environments (both local and international), business
pressures to create easier access to your organisational
data, rapid technological advances, changes in consumer
and employee data usage, outsourcing, offshoring and
Cloud computing have introduced a series of new and
complicated risks and privacy considerations that must
be addressed in order to ensure the future sustainability
of your business.
The Data Protection Act (DPA) and other legislation
The Data Protection Act 1998 (the DPA) sets out eight
principles for securely managing personal and sensitive
data. The DPA does not, however, offer any detailed
specification on how to comply with these principles,
making it difficult for organisations to clearly identify
what they need to do. This is why management
standards such as BS10012 prove valuable.
In addition to the DPA, the Privacy and Electronic
Communications (PECR) Act sets out rules in a number
of areas related to marketing, and the Freedom of
Information Act requires compliance by all public sector
organisations.
IT Governance has the expertise and track record to assist
organisations in interpreting data privacy legislation and to provide
guidance on the Codes of Good Practice issued by the ICO.
Many organisations still believe that
having a firewall or anti-virus software
is sufficient protection against a
data breach, but research* has
shown that almost 50% of the worst
security breaches have been caused
by inadvertent human error or the
deliberate misuse of systems by staff.
*Information Security Breaches Survey 2013 - BIS
The DPA and BS10012
BS10012, a British best practice standard, is a
specification for a Personal Information Management
System (PIMS) which sets out the actions organisations
should take to ensure that they comply with the DPA.
While compliance with BS10012 does not confer legal
immunity, it will certainly put organisations in a position
to demonstrate conclusively that they are following
recognised best practice in personal information security,
in addition to facilitating compliance with the proposed
requirements related to EU Reform.
Data protection and the EU directive
Measures are under way to finalise the proposed EU
Data Protection Regulation, which will replace the current
Directive 95/46/EC.
Several significant themes are emerging, including an
extended territorial scope that makes both controllers
and processors established outside the EU subject to the
proposed regulation, mandatory privacy impact
assessments and increased accountability.
Under the proposed regulation, European regulators
will be empowered to impose stronger sanctions which
include fines of up to 2% of organisations’ global annual
turnover. European companies with strong procedures
for protecting personal data will have a competitive
advantage on a global scale at a time when the issue is
becoming increasingly sensitive.
Start preparing now for tighter data privacy regulations by aligning with best
practice frameworks and ensuring that your current systems are compliant with the
UK Data Protection Act.
We can help you develop a framework that will enable you
to implement an effective and robust Personal Information
Management System tailored to your unique needs.
Consultancy Services
•	 Data Protection Health Check & Gap Analysis
•	 Business Case Development for PIMS
•	 Risk Assessments and Privacy Impact Assessments
•	 Development of Policies and Procedures
•	 Management and Board Briefing
•	 PIMS Implementation Audit
Training & Awareness
•	 Data Protection Foundation Training Course
•	 Data Protection In-House Courses and Workshops
•	 Data Protection Staff Awareness E-Learning Course
•	 Privacy Impact Assessment Workshop
•	 Information Security In-House Courses and Workshops
•	 Information Security Staff Awareness E-Learning Course
Standards, Books & Toolkits
•	 BS10012 – Data Protection Specification for a Personal Information Management System
•	 ISO30300 Records Management Fundamentals and Vocabulary
•	 How to Survive a Data Breach
•	 Data Protection Act 1998 Compliance Toolkit
•	 DPA Compliance with BS10012 Documentation Toolkit
•	 Various Data Protection Books and Pocket Guides
Software & Hardware Tools
•	 vsRisk™ Information Security Risk Assessment Tool
•	 Endpoint Encryption Tools (Cloud-Based Endpoint Encryption)
•	 CESG-Approved USB Sticks
•	 Desktop and Laptop Privacy Filters
•	 Penetration Testing Services
Comprehensive data protection solutions
At IT Governance we provide unique products and services that are essential for business managers in achieving
strategic goals, protecting and securing intellectual capital, and meeting relevant corporate governance objectives.
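•	 Free Resources: Awareness; Risk & Impact Assessments; PIMS Implementation; Management Documentation; Internal Audit & Compliance Audit
•	 Standards: Awareness; Risk & Impact Assessments; PIMS Implementation; Management Documentation; Internal Audit & Compliance Audit; Alignment with Standards
•	 Books & Tools: Awareness; Risk & Impact Assessments; PIMS Implementation; Management Documentation; Internal Audit & Compliance Audit
•	 Training & E-learning: Awareness; Risk & Impact Assessments; PIMS Implementation; Management Documentation; Internal Audit & Compliance Audit; Alignment with Standards
•	 Technical Testing: Risk & Impact Assessments; PIMS Implementation; Alignment with Standards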
Our products and services
We offer an extensive range of products and services to help you meet your compliance requirements and give you
peace of mind that your data is protected.
To view our full offering, visit www.itgovernance.co.uk/shop and select DPA from the menu.
We can help organisations reduce their total data protection
expenditure, while increasing its effectiveness and return on
investment.
•	 Our extensive expertise and understanding of data
protection best practice, combined with a pragmatic
approach, ensure that each of our clients is able to
achieve maximum business benefit and improve their
current level of compliance with the DPA, the PECRA,
the Freedom of Information Act and/or the planned
EU Data Protection Regulation.
•	 We have substantial experience designing and
implementing Personal Information Management
Systems and can help you achieve compliance with
BS10012.
•	 Our company is a global authority on ISO27001, the
international information security standard, which is a
recognised element of achieving compliance with the
DPA.
Why choose us?
•	 Our cost-effective and customised advisory services
provide a tailored route to achieving compliance with
data protection laws, scalable to your budget and
needs.
•	 Our deep technical knowledge and expertise deliver
insight and advice that is not available through off-
the-shelf technical solutions.
•	 Due to our recognised expertise in other
internationally adopted standards such as PCI DSS,
ISO27001 and ISO9001, we are able to offer an
integrated approach to compliance.
•	 IT Governance is an IBITGQ Accredited Training
Organisation (ATO) and an official publisher of the
IBITGQ Study Guides and courseware.
Why certify to BS10012?
BS10012 sets out all the actions that organisations should take to ensure that they comply with the DPA. Compliance
with BS10012 will put your organisation in a position to conclusively demonstrate it is following recognised
best practice in personal information security. BS10012 also recognises the role of the international standard in
information security, ISO/IEC 27001, in providing effective information security management and, in particular, in
achieving compliance with the seventh principle of the DPA - information security.
IT Governance Ltd
Unit 3, Clive Court, Bartholomew’s Walk
Cambridgeshire Business Park
Ely, Cambs CB7 4EA, United Kingdom
t: + 44 (0) 845 070 1750
e: servicecentre@itgovernance.co.uk
w: www.itgovernance.co.uk
@ITGovernance		 /it-governance		 /ITGovernanceLtd
Our credentials and corporate certificates:
ISO 27001 and ISO 9001 (Certification Europe)

More Related Content

What's hot

GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your business
Mark Baker
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Frank Dawson
 
Www.ico.org.uk ~ media_documents_library_data_protection_practical_applicatio...
Www.ico.org.uk ~ media_documents_library_data_protection_practical_applicatio...Www.ico.org.uk ~ media_documents_library_data_protection_practical_applicatio...
Www.ico.org.uk ~ media_documents_library_data_protection_practical_applicatio...
Victor Gridnev
 
Perspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityPerspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_security
Accenture
 
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...
ekyklos Κύκλος Ιδεών για τη Εθνική Ανασυγκρότηση
 

What's hot (20)

Aon GDPR white paper
Aon GDPR white paperAon GDPR white paper
Aon GDPR white paper
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your business
 
Convince your board: How to prepare your business for List X
Convince your board: How to prepare your business for List XConvince your board: How to prepare your business for List X
Convince your board: How to prepare your business for List X
 
Azure Privacy & GDPR @ Service Management World
Azure Privacy & GDPR @ Service Management WorldAzure Privacy & GDPR @ Service Management World
Azure Privacy & GDPR @ Service Management World
 
Convince your board - Ten steps to GDPR compliance
Convince your board  - Ten steps to GDPR complianceConvince your board  - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR compliance
 
GDPR: Time to Act
GDPR: Time to ActGDPR: Time to Act
GDPR: Time to Act
 
GDPR Workshop
GDPR WorkshopGDPR Workshop
GDPR Workshop
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
 
Www.ico.org.uk ~ media_documents_library_data_protection_practical_applicatio...
Www.ico.org.uk ~ media_documents_library_data_protection_practical_applicatio...Www.ico.org.uk ~ media_documents_library_data_protection_practical_applicatio...
Www.ico.org.uk ~ media_documents_library_data_protection_practical_applicatio...
 
The Definitive GDPR Guide for Event Professionals
The Definitive GDPR Guide for Event ProfessionalsThe Definitive GDPR Guide for Event Professionals
The Definitive GDPR Guide for Event Professionals
 
Come cambia la cybersecurity con il regolamento privacy europeo
Come cambia la cybersecurity con il regolamento privacy europeoCome cambia la cybersecurity con il regolamento privacy europeo
Come cambia la cybersecurity con il regolamento privacy europeo
 
SureSkills GDPR - Discover the Smart Solution
SureSkills GDPR - Discover the Smart Solution SureSkills GDPR - Discover the Smart Solution
SureSkills GDPR - Discover the Smart Solution
 
Data- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offerData- and database security & GDPR: end-to-end offer
Data- and database security & GDPR: end-to-end offer
 
GDPR & SAP: practical data governance & management activities
GDPR & SAP: practical data governance & management activitiesGDPR & SAP: practical data governance & management activities
GDPR & SAP: practical data governance & management activities
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
 
Perspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_securityPerspec sys knowledge_series__solving_privacy_residency_and_security
Perspec sys knowledge_series__solving_privacy_residency_and_security
 
GDPR Changing Mindset
GDPR Changing MindsetGDPR Changing Mindset
GDPR Changing Mindset
 
GDPR: how IT works
GDPR: how IT worksGDPR: how IT works
GDPR: how IT works
 
Data Security Whitepaper
Data Security WhitepaperData Security Whitepaper
Data Security Whitepaper
 
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...
14.3.2018, Παρουσίαση Κώστα Γκρίτση στην εκδήλωση «Προστασία Προσωπικών Δεδομ...
 

Similar to Data Protection and Data Privacy

2019 14th Iberian Conference on Information Systems and Tech.docx
2019 14th Iberian Conference on Information Systems and Tech.docx2019 14th Iberian Conference on Information Systems and Tech.docx
2019 14th Iberian Conference on Information Systems and Tech.docx
jesusamckone
 
2019 14th Iberian Conference on Information Systems and Tech.docx
2019 14th Iberian Conference on Information Systems and Tech.docx2019 14th Iberian Conference on Information Systems and Tech.docx
2019 14th Iberian Conference on Information Systems and Tech.docx
RAJU852744
 

Similar to Data Protection and Data Privacy (20)

Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information Protection
 
The Virtual Security Officer Platform
The Virtual Security Officer PlatformThe Virtual Security Officer Platform
The Virtual Security Officer Platform
 
Data Privacy and Security in UAE.pptx
Data Privacy and Security in UAE.pptxData Privacy and Security in UAE.pptx
Data Privacy and Security in UAE.pptx
 
GDPR Compliance
GDPR ComplianceGDPR Compliance
GDPR Compliance
 
GDPR and ISO 27001 - how to be compliant
GDPR and ISO 27001 - how to be compliantGDPR and ISO 27001 - how to be compliant
GDPR and ISO 27001 - how to be compliant
 
General Data Protection Regulation (GDPR) and ISO 27001
General Data Protection Regulation (GDPR) and ISO 27001General Data Protection Regulation (GDPR) and ISO 27001
General Data Protection Regulation (GDPR) and ISO 27001
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uae
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPR
 
2019 14th Iberian Conference on Information Systems and Tech.docx
2019 14th Iberian Conference on Information Systems and Tech.docx2019 14th Iberian Conference on Information Systems and Tech.docx
2019 14th Iberian Conference on Information Systems and Tech.docx
 
2019 14th Iberian Conference on Information Systems and Tech.docx
2019 14th Iberian Conference on Information Systems and Tech.docx2019 14th Iberian Conference on Information Systems and Tech.docx
2019 14th Iberian Conference on Information Systems and Tech.docx
 
GDPR Compliance with Microsoft 365
GDPR Compliance with Microsoft 365 GDPR Compliance with Microsoft 365
GDPR Compliance with Microsoft 365
 
Security, GDRP, and IT outsourcing: How to get it right
Security, GDRP, and IT outsourcing: How to get it rightSecurity, GDRP, and IT outsourcing: How to get it right
Security, GDRP, and IT outsourcing: How to get it right
 
The Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowThe Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t know
 
Qubole GDPR Security and Compliance Whitepaper
Qubole GDPR Security and Compliance Whitepaper Qubole GDPR Security and Compliance Whitepaper
Qubole GDPR Security and Compliance Whitepaper
 
Cybersecurity & Data Challenges
Cybersecurity & Data ChallengesCybersecurity & Data Challenges
Cybersecurity & Data Challenges
 
Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?
 
Why ISO 27001 for an Organisation
Why ISO 27001 for an OrganisationWhy ISO 27001 for an Organisation
Why ISO 27001 for an Organisation
 
What Is the Scope of ISO 27001 Certification in the Netherlands.pptx
What Is the Scope of ISO 27001 Certification in the Netherlands.pptxWhat Is the Scope of ISO 27001 Certification in the Netherlands.pptx
What Is the Scope of ISO 27001 Certification in the Netherlands.pptx
 
Tech Connect Live 30th May 2018 ,GDPR Summit Sharon o' reilly
Tech Connect Live 30th May 2018 ,GDPR Summit Sharon o' reillyTech Connect Live 30th May 2018 ,GDPR Summit Sharon o' reilly
Tech Connect Live 30th May 2018 ,GDPR Summit Sharon o' reilly
 
CBC GDPR The Physics
CBC GDPR The PhysicsCBC GDPR The Physics
CBC GDPR The Physics
 

More from IT Governance Ltd

More from IT Governance Ltd (20)

Business Continuity Management: How to get started
Business Continuity Management: How to get startedBusiness Continuity Management: How to get started
Business Continuity Management: How to get started
 
Staff awareness: developing a security culture
Staff awareness: developing a security cultureStaff awareness: developing a security culture
Staff awareness: developing a security culture
 
GDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on boardGDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on board
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
 
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
 
Creating an effective cyber security awareness programme
Creating an effective cyber security awareness programmeCreating an effective cyber security awareness programme
Creating an effective cyber security awareness programme
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
 
Risk assessments and applying organisational controls for GDPR compliance
Risk assessments and applying organisational controls for GDPR complianceRisk assessments and applying organisational controls for GDPR compliance
Risk assessments and applying organisational controls for GDPR compliance
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...
 
Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...
 
The first steps towards GDPR compliance 
The first steps towards GDPR compliance The first steps towards GDPR compliance 
The first steps towards GDPR compliance 
 
Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPR
 
The GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for complianceThe GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for compliance
 
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
 
Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...
 
Revising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPR
 
Privacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failingPrivacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failing
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketing
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
 

Recently uploaded

Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
daisycvs
 
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in PakistanChallenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
vineshkumarsajnani12
 

Recently uploaded (20)

Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
WheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond InsightsWheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond Insights
 
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur DubaiUAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
 
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxQSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business Potential
 
Phases of Negotiation .pptx
 Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts  by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts  by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
 
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in PakistanChallenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
 
Buy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail AccountsBuy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail Accounts
 
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in  Escort service book nowGUWAHATI 💋 Call Girl 9827461493 Call Girls in  Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
 
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR  ESCORTSJAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR  ESCORTS
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
 
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx  COST ACCOUNTING  Sixteenth Edition                          ...joint cost.pptx  COST ACCOUNTING  Sixteenth Edition                          ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service AvailableBerhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Berhampur Call Girl Just Call 8084732287 Top Class Call Girl Service Available
 

Data Protection and Data Privacy

  • 1. Data Protection and Data Privacy All-encompassing business solutions www.itgovernance.co.uk
  • 2. The data protection regulatory environment Organisations often store corporate data unprotected. Personal and sensitive information like customer data and employee records are vulnerable to data breaches if not effectively secured. Complex regulatory environments - both locally and internationally - business pressures to create easier access to your organisational data, rapid technological advances, changes in consumer and employee data usage, outsourcing, offshoring and Cloud computing have introduced a series of new and complicated risks, and privacy considerations that must be addressed in order to ensure the future sustainability of your business. The Data Protection Act (DPA) and other legislation The Data Protection Act 1998 (the DPA) sets out eight principles for securely managing personal and sensitive data. The DPA does not, however, offer any detailed specification on how to comply with these principles, making it difficult for organisations to clearly identify what they need to do. This is why management standards such as BS10012 prove valuable. In addition to the DPA, the Privacy and Electronic Communications (PECR) Act sets out rules in a number of areas related to marketing, and the Freedom of Information Act requires compliance by all public sector organisations. IT Governance has the expertise and track record to assist organisations in interpreting data privacy legislation and provide guidance on the Codes of Good Practice issued by the ICO. Many organisations still believe that having a firewall or anti-virus software is sufficient protection against a data breach, but research* has shown that almost 50% of the worst security breaches have been caused by inadvertent human error or the deliberate misuse of systems by staff. 
*Information Security Breaches Survey 2013 - BIS The DPA and BS10012 BS10012, a British best practice standard, is a specification for a Personal Information Management System (PIMS) which sets out the actions organisations should take to ensure that they comply with the DPA. While compliance with BS10012 does not confer legal immunity, it will certainly put organisations in a position to demonstrate conclusively that they are following recognised best practice in personal information security, in addition to facilitating compliance with the proposed requirements related to EU Reform. Data protection and the EU directive Measures are under way to finalise the proposed EU Data Protection Regulation, which will replace the current Directive 95/46/EC. There are several significant emerging themes which include an extended territorial scope which makes both controllers and processors established outside the EU subject to the proposed regulation, mandatory privacy impact assessments and increased accountability. Under the proposed regulation, European regulators will be empowered to impose stronger sanctions which include fines of up to 2% of organisations’ global annual turnover. European companies with strong procedures for protecting personal data will have a competitive advantage on a global scale at a time when the issue is becoming increasingly sensitive. Start preparing now for tighter data privacy regulations by aligning with best practice frameworks and ensuring that your current systems are compliant with the UK Data Protection Act.
  • 3. We can help you develop a framework that will enable you to implement an effective and robust Personal Information Management System tailored to your unique needs.

| Consultancy Services | Training & Awareness | Standards, Books & Toolkits | Software & Hardware Tools |
| Data Protection Health Check & Gap Analysis | Data Protection Foundation Training Course | BS10012 – Data Protection Specification for a Personal Information Management System | vsRisk™ Information Security Risk Assessment Tool |
| Business Case Development for PIMS | Data Protection In-House Courses and Workshops | ISO30300 Records Management Fundamentals and Vocabulary | Endpoint Encryption Tools (Cloud-Based Endpoint Encryption) |
| Risk Assessments and Privacy Impact Assessments | Data Protection Staff Awareness E-Learning Course | How to Survive a Data Breach | CESG-Approved USB Sticks |
| Development of Policies and Procedures | Privacy Impact Assessment Workshop | Data Protection Act 1998 Compliance Toolkit | Desktop and Laptop Privacy Filters |
| Management and Board Briefing | Information Security In-House Courses and Workshops | DPA Compliance with BS10012 Documentation Toolkit | Penetration Testing Services |
| PIMS Implementation Audit | Information Security Staff Awareness E-Learning Course | Various Data Protection Books and Pocket Guides | |

Comprehensive data protection solutions

At IT Governance we provide unique products and services that are essential for business managers in achieving strategic goals, protecting and securing intellectual capital, and meeting relevant corporate governance objectives.

| | Awareness | Risk & Impact Assessments | PIMS Implementation | Management Documentation | Internal Audit & Compliance Audit | Alignment with Standards |
| Free Resources | ✓ | ✓ | ✓ | ✓ | ✓ | - |
| Standards | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Books & Tools | ✓ | ✓ | ✓ | ✓ | ✓ | - |
| Training & E-learning | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Technical Testing | - | ✓ | ✓ | - | - | ✓ |

Our products and services

We offer an extensive range of products and services to help you meet your compliance requirements and give you peace of mind that your data is protected. To view our full offering, visit www.itgovernance.co.uk/shop and select DPA from the menu.
  • 4. We can help organisations reduce their total data protection expenditure, while increasing its effectiveness and return on investment.

Why choose us?

• Our extensive expertise and understanding of data protection best practice, combined with a pragmatic approach ensures that each of our clients is able to achieve maximum business benefit and improve their current level of compliance with the DPA, the PECRA, the Freedom of Information Act and/or the planned EU Data Protection Regulation.
• We have substantial experience designing and implementing Personal Information Management Systems and can help you achieve compliance with BS10012.
• Our company is a global authority on ISO27001, the international information security standard, which is a recognised element of achieving compliance with the DPA.
• Our cost-effective and customised advisory services provide a tailored route to achieving compliance with data protection laws, scalable to your budget and needs.
• Our deep technical knowledge and expertise deliver insight and advice that is not available through off-the-shelf technical solutions.
• Due to our recognised expertise in other internationally adopted standards such as PCI DSS, ISO27001 and ISO9001, we are able to offer an integrated approach to compliance.
• IT Governance is an IBITGQ Accredited Training Organisation (ATO) and an official publisher of the IBITGQ Study Guides and courseware.

Why certify to BS10012?

BS10012 sets out all the actions that organisations should take to ensure that they comply with the DPA. Compliance with BS10012 will put your organisation in a position to conclusively demonstrate it is following recognised best practice in personal information security.

BS10012 also recognises the role of the international standard in information security, ISO/IEC 27001, in providing effective information security management and, in particular, in achieving compliance with the seventh principle of the DPA - information security.

IT Governance Ltd
Unit 3, Clive Court, Bartholomew’s Walk
Cambridgeshire Business Park
Ely, Cambs CB7 4EA, United Kingdom
t: +44 (0) 845 070 1750
e: servicecentre@itgovernance.co.uk
w: www.itgovernance.co.uk
@ITGovernance /it-governance /ITGovernanceLtd

Our credentials and corporate certificates: ISO 27001 (Certification Europe), ISO 9001 (Certification Europe)