GDPR & Cyber Essentials
The EU General Data Protection Regulation (GDPR) will apply in the UK from 25th May 2018, and it is essential your business is prepared. If your business stores any form of personal data, achieving and maintaining GDPR compliance is crucial. Not only will this ensure you avoid significant fines and loss of reputation, but it will increase your trustworthiness in the eyes of customers, and help develop a culture of data privacy and security.
At Method, we’ve been through this process and can offer reliable expertise to make your business GDPR compliant. We know what needs to be done and work with trusted partners to deliver a comprehensive data protection solution, as well as a wide range of supportive IT security measures. Speak to our specialists today to discover our GDPR IT consultancy services.
What we offer
The General Data Protection Regulation has been designed to protect individuals’ rights to their personal data. As of 25th May 2018, any UK business that stores personal data, from names, locations and IP addresses to special categories including race and religion, will be expected to demonstrate compliance with GDPR.
These regulations will apply to all EU organisations, and will remain enforced when the UK leaves the union. Furthermore, if your organisation operates outside the EU but offers goods and services to EU residents or processes their personal data, it too will be subject to GDPR guidelines.
Is your business ready for GDPR? To ensure this, you must be able to demonstrate a lawful basis to process personal data. Your approach to processing this sensitive information must function in accordance with the six key data protection principles, which are:
- Data is processed lawfully, fairly and transparently
- It is collected for legitimate reasons
- All data is relevant and limited to what is necessary
- It must be kept accurate and up to date
- Information is stored for no longer than is necessary
- You must have appropriate security, integrity and confidentiality measures in place
Without a process that demonstrates these data protection principles, particularly in relation to transparency, security and accountability, your business is at risk of fines of up to €20 million, or 4% of annual turnover (whichever is higher), as well as the loss of trust among your customers. In addition, you miss out on the benefits GDPR compliance offers your business in protecting key information, enhancing the data you store and growing your reputation among new and existing customers.
That’s where Method’s expert IT consultancy can support you. Our team have been through this process, so we can offer a comprehensive summary of GDPR and what your business will require to ensure compliance. We are certified to guide you through all data protection changes, and have completed this for businesses across Essex, London and the South East.
We’ve been in your shoes, so are in the best position to go beyond a technical tool or product, and introduce total GDPR compliance solutions to your business. With the support of our specialists, we’ll ensure you meet all standards for data protection processing, as well as provide a range of products and services to actively defend against personal data breaches.
Designed specifically for small to medium-sized businesses, Cyber Essentials is a UK Government-backed scheme to aid the creation of a secure IT infrastructure, in line with GDPR requirements.
Whether Cyber Essentials is a required data protection directive for your business (e.g. if you operate in the Public Sector), or you simply wish to demonstrate your commitment to comprehensive IT security procedures, Method’s IT security experts are available to help your company receive this respected accreditation.
There are two routes to achieving certification: self-audited or externally audited. The self-audited approach involves your organisation assessing itself against five basic security controls:
- Boundary firewalls/internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
An external audit, which results in the Cyber Essentials Plus certification, is a test of the above five security controls conducted by a qualified, independent assessor, to ensure they offer suitable protection for data against basic hacking and phishing attacks. This will involve testing a random sample of your security systems (usually around 10%).
Through our association with IASME, our dedicated Cyber Essentials IT consultancy service helps your business prepare for either assessment, providing valuable guidance throughout to prove you take security seriously.