Data Protection and Data Privacy
All-encompassing business solutions
www.itgovernance.co.uk
The data protection regulatory environment
Organisations often store corporate data unprotected. Personal and sensitive information like customer data and employee records are vulnerable to data breaches if not effectively secured. Complex regulatory environments - both locally and internationally - business pressures to create easier access to your organisational data, rapid technological advances, changes in consumer and employee data usage, outsourcing, offshoring and Cloud computing have introduced a series of new and complicated risks, and privacy considerations that must be addressed in order to ensure the future sustainability of your business.
The Data Protection Act (DPA) and other legislation
The Data Protection Act 1998 (the DPA) sets out eight principles for securely managing personal and sensitive data. The DPA does not, however, offer any detailed specification on how to comply with these principles, making it difficult for organisations to clearly identify what they need to do. This is why management standards such as BS10012 prove valuable.
In addition to the DPA, the Privacy and Electronic Communications (PECR) Act sets out rules in a number of areas related to marketing, and the Freedom of Information Act requires compliance by all public sector organisations.
IT Governance has the expertise and track record to assist organisations in interpreting data privacy legislation and provide guidance on the Codes of Good Practice issued by the ICO.
Many organisations still believe that having a firewall or anti-virus software is sufficient protection against a data breach, but research* has shown that almost 50% of the worst security breaches have been caused by inadvertent human error or the deliberate misuse of systems by staff.
*Information Security Breaches Survey 2013 - BIS
The DPA and BS10012
BS10012, a British best practice standard, is a specification for a Personal Information Management System (PIMS) which sets out the actions organisations should take to ensure that they comply with the DPA. While compliance with BS10012 does not confer legal immunity, it will certainly put organisations in a position to demonstrate conclusively that they are following recognised best practice in personal information security, in addition to facilitating compliance with the proposed requirements related to EU Reform.
Data protection and the EU directive
Measures are under way to finalise the proposed EU Data Protection Regulation, which will replace the current Directive 95/46/EC.
There are several significant emerging themes which include an extended territorial scope which makes both controllers and processors established outside the EU subject to the proposed regulation, mandatory privacy impact assessments and increased accountability.
Under the proposed regulation, European regulators will be empowered to impose stronger sanctions which include fines of up to 2% of organisations’ global annual turnover. European companies with strong procedures for protecting personal data will have a competitive advantage on a global scale at a time when the issue is becoming increasingly sensitive.
Start preparing now for tighter data privacy regulations by aligning with best practice frameworks and ensuring that your current systems are compliant with the UK Data Protection Act.
We can help you develop a framework that will enable you to implement an effective and robust Personal Information Management System tailored to your unique needs.
Consultancy Services
• Data Protection Health Check & Gap Analysis
• Business Case Development for PIMS
• Risk Assessments and Privacy Impact Assessments
• Development of Policies and Procedures
• Management and Board Briefing
• PIMS Implementation Audit
Training & Awareness
• Data Protection Foundation Training Course
• Data Protection In-House Courses and Workshops
• Data Protection Staff Awareness E-Learning Course
• Privacy Impact Assessment Workshop
• Information Security In-House Courses and Workshops
• Information Security Staff Awareness E-Learning Course
Standards, Books & Toolkits
• BS10012 – Data Protection Specification for a Personal Information Management System
• ISO30300 Records Management Fundamentals and Vocabulary
• How to Survive a Data Breach
• Data Protection Act 1998 Compliance Toolkit
• DPA Compliance with BS10012 Documentation Toolkit
• Various Data Protection Books and Pocket Guides
Software & Hardware Tools
• vsRisk™ Information Security Risk Assessment Tool
• Endpoint Encryption Tools (Cloud-Based Endpoint Encryption)
• CESG-Approved USB Sticks
• Desktop and Laptop Privacy Filters
• Penetration Testing Services
Comprehensive data protection solutions
At IT Governance we provide unique products and services that are essential for business managers in achieving strategic goals, protecting and securing intellectual capital, and meeting relevant corporate governance objectives.
Each product type covers the following stages of a data protection programme (Awareness; Risk & Impact Assessments; PIMS Implementation; Management Documentation; Internal Audit & Compliance Audit; Alignment with Standards):
• Free Resources: Awareness, Risk & Impact Assessments, PIMS Implementation, Management Documentation, Internal Audit & Compliance Audit
• Standards: Awareness, Risk & Impact Assessments, PIMS Implementation, Management Documentation, Internal Audit & Compliance Audit, Alignment with Standards
• Books & Tools: Awareness, Risk & Impact Assessments, PIMS Implementation, Management Documentation, Internal Audit & Compliance Audit
• Training & E-learning: Awareness, Risk & Impact Assessments, PIMS Implementation, Management Documentation, Internal Audit & Compliance Audit, Alignment with Standards
• Technical Testing: Risk & Impact Assessments, PIMS Implementation, Alignment with Standards
Our products and services
We offer an extensive range of products and services to help you meet your compliance requirements and give you peace of mind that your data is protected.
To view our full offering, visit www.itgovernance.co.uk/shop and select DPA from the menu.
We can help organisations reduce their total data protection expenditure, while increasing its effectiveness and return on investment.
• Our extensive expertise and understanding of data protection best practice, combined with a pragmatic approach, ensures that each of our clients is able to achieve maximum business benefit and improve their current level of compliance with the DPA, the PECR, the Freedom of Information Act and/or the planned EU Data Protection Regulation.
• We have substantial experience designing and implementing Personal Information Management Systems and can help you achieve compliance with BS10012.
• Our company is a global authority on ISO27001, the international information security standard, which is a recognised element of achieving compliance with the DPA.
Why choose us?
• Our cost-effective and customised advisory services provide a tailored route to achieving compliance with data protection laws, scalable to your budget and needs.
• Our deep technical knowledge and expertise deliver insight and advice that is not available through off-the-shelf technical solutions.
• Due to our recognised expertise in other internationally adopted standards such as PCI DSS, ISO27001 and ISO9001, we are able to offer an integrated approach to compliance.
• IT Governance is an IBITGQ Accredited Training Organisation (ATO) and an official publisher of the IBITGQ Study Guides and courseware.
Why certify to BS10012?
BS10012 sets out all the actions that organisations should take to ensure that they comply with the DPA. Compliance with BS10012 will put your organisation in a position to conclusively demonstrate it is following recognised best practice in personal information security. BS10012 also recognises the role of the international standard in information security, ISO/IEC 27001, in providing effective information security management and, in particular, in achieving compliance with the seventh principle of the DPA - information security.
IT Governance Ltd
Unit 3, Clive Court, Bartholomew’s Walk
Cambridgeshire Business Park
Ely, Cambs CB7 4EA, United Kingdom
t: +44 (0) 845 070 1750
e: [email protected]
www.itgovernance.co.uk
@ITGovernance /it-governance /ITGovernanceLtd
Our credentials and corporate certificates:
ISO 27001 (Certification Europe)
ISO 9001 (Certification Europe)