GDPR for the 25th May, ISO 27001 for Life?

With the many GDPR offerings & associated fear mongering out there, businesses would be forgiven for forgetting there has always been a legal requirement on the use and protection of Personal Data – The Data Protection Act. In fact, the ICO (Information Commissioner’s Office) has been tracking down & levying fines on many shady companies that have abused personal data for many years. Nobody is above the law, even Humberside Police have been fined £140 000 & the Royal Mail Group £12 000:

5th April 2018 – Humberside Police has been fined £130,000 by the Information Commissioner’s Office after disks containing a video interview of an alleged rape victim went missing.

6th April 2008 Royal Mail Group Limited has been fined £12,000 by the Information Commissioner’s Office after sending more than 300,000 nuisance emails. On two dates in July 2017, the company sent emails to 327,014 people who had already opted out of receiving direct marketing.

ICO Actions Taken

The introduction of GDPR while protecting individuals & clarifying the requirements for business in my opinion has best served to re-focus on the need to protect information, but don’t lose focus – While the loss or mishandling of Personal Information can lead to one of the above fines, the careless handling of Business-Critical Information could affect the loss of your business.

Long term I would recommend you incorporate all of your business in an Information Security Management System. Information Security isn’t just for the 25th May it is for the whole year and your entire Business. Use ISO 27001 guidance to set up an Information Security System that protects your whole business & ISO 27001 Certification to demonstrate Due Diligence & give potential customers that warm cosy feeling –

FURTHER INFORMATION

Leave a Reply

Your email address will not be published. Required fields are marked *