The document discusses data protection and privacy regulations in the UK and EU. It summarizes the key requirements of the UK Data Protection Act of 1998 and upcoming changes in the EU's General Data Protection Regulation. The document also describes the services offered by IT Governance to help organizations comply with these complex regulatory requirements through the development of a Personal Information Management System and other security and compliance solutions.

1. Data Protection and Data Privacy
All-encompassing business solutions
www.itgovernance.co.uk

2. The data protection regulatory
environment
Organisations often store corporate data unprotected.
Personal and sensitive information like customer
data and employee records are vulnerable to data
breaches if not effectively secured. Complex regulatory
environments - both locally and internationally - business
pressures to create easier access to your organisational
data, rapid technological advances, changes in consumer
and employee data usage, outsourcing, offshoring and
Cloud computing have introduced a series of new and
complicated risks, and privacy considerations that must
be addressed in order to ensure the future sustainability
of your business.
The Data Protection Act (DPA) and other
legislation
The Data Protection Act 1998 (the DPA) sets out eight
principles for securely managing personal and sensitive
data. The DPA does not, however, offer any detailed
specification on how to comply with these principles,
making it difficult for organisations to clearly identify
what they need to do. This is why management
standards such as BS10012 prove valuable.
In addition to the DPA, the Privacy and Electronic
Communications (PECR) Act sets out rules in a number
of areas related to marketing, and the Freedom of
Information Act requires compliance by all public sector
organisations.
IT Governance has the expertise and track record to assist
organisations in interpreting data privacy legislation and provide
guidance on the Codes of Good Practice issued by the ICO.
Many organisations still believe that
having a firewall or anti-virus software
is sufficient protection against a
data breach, but research* has
shown that almost 50% of the worst
security breaches have been caused
by inadvertent human error or the
deliberate misuse of systems by staff.
*Information Security Breaches Survey 2013 - BIS
The DPA and BS10012
BS10012, a British best practice standard, is a
specification for a Personal Information Management
System (PIMS) which sets out the actions organisations
should take to ensure that they comply with the DPA.
While compliance with BS10012 does not confer legal
immunity, it will certainly put organisations in a position
to demonstrate conclusively that they are following
recognised best practice in personal information security,
in addition to facilitating compliance with the proposed
requirements related to EU Reform.
Data protection and the EU directive
Measures are under way to finalise the proposed EU
Data Protection Regulation, which will replace the current
Directive 95/46/EC.
There are several significant emerging themes which
include an extended territorial scope which makes both
controllers and processors established outside the EU
subject to the proposed regulation, mandatory privacy
impact assessments and increased accountability.
Under the proposed regulation, European regulators
will be empowered to impose stronger sanctions which
include fines of up to 2% of organisations’ global annual
turnover. European companies with strong procedures
for protecting personal data will have a competitive
advantage on a global scale at a time when the issue is
becoming increasingly sensitive.
Start preparing now for tighter data privacy regulations by aligning with best
practice frameworks and ensuring that your current systems are compliant with the
UK Data Protection Act.

3. We can help you develop a framework that will enable you
to implement an effective and robust Personal Information
Management System tailored to your unique needs.
Consultancy Services Training & Awareness Standards, Books &
Toolkits
Software & Hardware
Tools
Data Protection Health
Check & Gap Analysis
Data Protection
Foundation Training
Course
BS10012 – Data Protection
Specification for a Personal
Information Management
System
vsRisk™ Information
Security Risk Assessment
Tool
Business Case
Development for PIMS
Data Protection In-House
Courses and Workshops
ISO30300 Records
Management
Fundamentals and
Vocabulary
Endpoint Encryption Tools
(Cloud-Based Endpoint
Encryption)
Risk Assessments
and Privacy Impact
Assessments
Data Protection Staff
Awareness E-Learning
Course
How to Survive a Data
Breach
CESG-Approved USB
Sticks
Development of Policies
and Procedures
Privacy Impact Assessment
Workshop
Data Protection Act 1998
Compliance Toolkit
Desktop and Laptop
Privacy Filters
Management and Board
Briefing
Information Security
In-House Courses and
Workshops
DPA Compliance with
BS10012 Documentation
Toolkit
Penetration Testing
Services
PIMS Implementation
Audit
Information Security Staff
Awareness E-Learning
Course
Various Data Protection
Books and Pocket Guides
Comprehensive data protection solutions
At IT Governance we provide unique products and services that are essential for business managers in achieving
strategic goals, protecting and securing intellectual capital, and meeting relevant corporate governance objectives.
Awareness
Risk &
Impact
Assessments
PIMS
Implemen-
tation
Management
Documentation
Internal Audit
& Compliance
Audit
Free Resources a a a a a -
Standards a a a a a a
Books & Tools a a a a a -
Training & E-learning a a a a a a
Technical Testing - a a - - a
Alignment
with
Standards
Our products and services
We offer an extensive range of products and services to help you meet your compliance requirements and give you
peace of mind that your data is protected.
To view our full offering, visit www.itgovernance.co.uk/shop and select DPA from the menu.

4. We can help organisations reduce their total data protection
expenditure, while increasing its effectiveness and return on
investment.
• Our extensive expertise and understanding of data
protection best practice, combined with a pragmatic
approach ensures that each of our clients is able to
achieve maximum business benefit and improve their
current level of compliance with the DPA, the PECRA,
the Freedom of Information Act and/or the planned
EU Data Protection Regulation.
• We have substantial experience designing and
implementing Personal Information Management
Systems and can help you achieve compliance with
BS10012.
• Our company is a global authority on ISO27001, the
international information security standard, which is a
recognised element of achieving compliance with the
DPA.
Why choose us?
DataProtectionBrochure-v1
• Our cost-effective and customised advisory services
provide a tailored route to achieving compliance with
data protection laws, scalable to your budget and
needs.
• Our deep technical knowledge and expertise deliver
insight and advice that is not available through off-
the-shelf technical solutions.
• Due to our recognised expertise in other
internationally adopted standards such as PCI DSS,
ISO27001 and ISO9001, we are able to offer an
integrated approach to compliance.
• IT Governance is an IBITGQ Accredited Training
Organisation (ATO) and an official publisher of the
IBITGQ Study Guides and courseware.
Why certify to BS10012?
BS10012 sets out all the actions that organisations should take to ensure that they comply with the DPA. Compliance
with BS10012 will put your organisation in a position to conclusively demonstrate it is following recognised
best practice in personal information security. BS10012 also recognises the role of the international standard in
information security, ISO/IEC 27001, in providing effective information security management and, in particular, in
achieving compliance with the seventh principle of the DPA - information security.
IT Governance Ltd
Unit 3, Clive Court, Bartholomew’s Walk
Cambridgeshire Business Park
Ely, Cambs CB7 4EA, United Kingdom
t: + 44 (0) 845 070 1750
e: servicecentre@itgovernance.co.uk
w: www.itgovernance.co.uk
@ITGovernance /it-governance /ITGovernanceLtd
Our credentials and corporate certificates:
ISO
27001
TM
CERTIFICATION
EUROPE
ISO
9001
TM
CERTIFICATION
EUROPE