
Page 1: Data Protection and Data Privacy

Data Protection and Data Privacy

All-encompassing business solutions

www.itgovernance.co.uk

Page 2: Data Protection and Data Privacy

The data protection regulatory environment

Organisations often store corporate data unprotected. Personal and sensitive information like customer data and employee records are vulnerable to data breaches if not effectively secured. Complex regulatory environments - both locally and internationally - business pressures to create easier access to your organisational data, rapid technological advances, changes in consumer and employee data usage, outsourcing, offshoring and Cloud computing have introduced a series of new and complicated risks, and privacy considerations that must be addressed in order to ensure the future sustainability of your business.

The Data Protection Act (DPA) and other legislation

The Data Protection Act 1998 (the DPA) sets out eight principles for securely managing personal and sensitive data. The DPA does not, however, offer any detailed specification on how to comply with these principles, making it difficult for organisations to clearly identify what they need to do. This is why management standards such as BS10012 prove valuable.

In addition to the DPA, the Privacy and Electronic Communications (PECR) Act sets out rules in a number of areas related to marketing, and the Freedom of Information Act requires compliance by all public sector organisations.

IT Governance has the expertise and track record to assist organisations in interpreting data privacy legislation and provide guidance on the Codes of Good Practice issued by the ICO.

Many organisations still believe that having a firewall or anti-virus software is sufficient protection against a data breach, but research* has shown that almost 50% of the worst security breaches have been caused by inadvertent human error or the deliberate misuse of systems by staff.

*Information Security Breaches Survey 2013 - BIS

The DPA and BS10012

BS10012, a British best practice standard, is a specification for a Personal Information Management System (PIMS) which sets out the actions organisations should take to ensure that they comply with the DPA. While compliance with BS10012 does not confer legal immunity, it will certainly put organisations in a position to demonstrate conclusively that they are following recognised best practice in personal information security, in addition to facilitating compliance with the proposed requirements related to EU Reform.

Data protection and the EU directive

Measures are under way to finalise the proposed EU Data Protection Regulation, which will replace the current Directive 95/46/EC.

There are several significant emerging themes which include an extended territorial scope which makes both controllers and processors established outside the EU subject to the proposed regulation, mandatory privacy impact assessments and increased accountability.

Under the proposed regulation, European regulators will be empowered to impose stronger sanctions which include fines of up to 2% of organisations’ global annual turnover. European companies with strong procedures for protecting personal data will have a competitive advantage on a global scale at a time when the issue is becoming increasingly sensitive.

Start preparing now for tighter data privacy regulations by aligning with best practice frameworks and ensuring that your current systems are compliant with the UK Data Protection Act.

Page 3: Data Protection and Data Privacy

We can help you develop a framework that will enable you to implement an effective and robust Personal Information Management System tailored to your unique needs.

| Consultancy Services | Training & Awareness | Standards, Books & Toolkits | Software & Hardware Tools |
|---|---|---|---|
| Data Protection Health Check & Gap Analysis | Data Protection Foundation Training Course | BS10012 – Data Protection Specification for a Personal Information Management System | vsRisk™ Information Security Risk Assessment Tool |
| Business Case Development for PIMS | Data Protection In-House Courses and Workshops | ISO30300 Records Management Fundamentals and Vocabulary | Endpoint Encryption Tools (Cloud-Based Endpoint Encryption) |
| Risk Assessments and Privacy Impact Assessments | Data Protection Staff Awareness E-Learning Course | How to Survive a Data Breach | CESG-Approved USB Sticks |
| Development of Policies and Procedures | Privacy Impact Assessment Workshop | Data Protection Act 1998 Compliance Toolkit | Desktop and Laptop Privacy Filters |
| Management and Board Briefing | Information Security In-House Courses and Workshops | DPA Compliance with BS10012 Documentation Toolkit | Penetration Testing Services |
| PIMS Implementation Audit | Information Security Staff Awareness E-Learning Course | Various Data Protection Books and Pocket Guides | |

Comprehensive data protection solutions

At IT Governance we provide unique products and services that are essential for business managers in achieving strategic goals, protecting and securing intellectual capital, and meeting relevant corporate governance objectives.

| | Awareness | Risk & Impact Assessments | PIMS Implementation | Management Documentation | Internal Audit & Compliance Audit | Alignment with Standards |
|---|---|---|---|---|---|---|
| Free Resources | ✓ | ✓ | ✓ | ✓ | ✓ | - |
| Standards | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Books & Tools | ✓ | ✓ | ✓ | ✓ | ✓ | - |
| Training & E-learning | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Technical Testing | - | ✓ | ✓ | - | - | ✓ |

Our products and services

We offer an extensive range of products and services to help you meet your compliance requirements and give you peace of mind that your data is protected.

To view our full offering, visit www.itgovernance.co.uk/shop and select DPA from the menu.

Page 4: Data Protection and Data Privacy

We can help organisations reduce their total data protection expenditure while increasing the effectiveness and return on investment of that spend.

• Our extensive expertise and understanding of data protection best practice, combined with a pragmatic approach, ensures that each of our clients is able to achieve maximum business benefit and improve their current level of compliance with the DPA, the PECRA, the Freedom of Information Act and/or the planned EU Data Protection Regulation.

• We have substantial experience designing and implementing Personal Information Management Systems and can help you achieve compliance with BS10012.

• Our company is a global authority on ISO27001, the international information security standard, which is a recognised element of achieving compliance with the DPA.

Why choose us?

Data Protection Brochure - v1

• Our cost-effective and customised advisory services provide a tailored route to achieving compliance with data protection laws, scalable to your budget and needs.

• Our deep technical knowledge and expertise deliver insight and advice that is not available through off-the-shelf technical solutions.

• Due to our recognised expertise in other internationally adopted standards such as PCI DSS, ISO27001 and ISO9001, we are able to offer an integrated approach to compliance.

• IT Governance is an IBITGQ Accredited Training Organisation (ATO) and an official publisher of the IBITGQ Study Guides and courseware.

Why certify to BS10012?

BS10012 sets out all the actions that organisations should take to ensure that they comply with the DPA. Compliance with BS10012 will put your organisation in a position to conclusively demonstrate it is following recognised best practice in personal information security. BS10012 also recognises the role of the international standard in information security, ISO/IEC 27001, in providing effective information security management and, in particular, in achieving compliance with the seventh principle of the DPA - information security.

IT Governance Ltd
Unit 3, Clive Court, Bartholomew’s Walk
Cambridgeshire Business Park
Ely, Cambs CB7 4EA, United Kingdom

t: + 44 (0) 845 070 1750
e: [email protected]
www.itgovernance.co.uk

@ITGovernance /it-governance /ITGovernanceLtd

Our credentials and corporate certificates:

ISO 27001 (Certification Europe)

ISO 9001 (Certification Europe)