Layers of Security and Compliance Required by GDPR-DPA2018
Published on: 10th July 2018
By PYXI GDPR Team
Since the enactment of the Data Protection Act 2018 / GDPR in the UK, we have noticed that businesses are waking up to the need for a joined-up approach to their GDPR and data security responsibilities.
We are starting to see that people are connecting up their need to secure their data, devices and networks, with having good processes and procedures in place for complying with the new legislation. They're increasingly recognising that they need to engage with their IT providers, software suppliers, and possibly data protection specialists to get everything covered and in order, and that leaving out one element compromises the whole endeavour. The GDPR is very clear about the need to take the big picture view:
"In order to maintain security and to prevent processing in infringement of this Regulation, the controller or processor should evaluate the risks inherent in the processing and implement measures to mitigate those risks, such as encryption." Recital 83, GDPR
In addition to this being addressed by small businesses, we are also seeing increasing collaboration between IT providers / Data Security companies and Data Protection specialists. Rather than trying to be a "Jack of all trades", these businesses are looking out for partners they can trust to deliver high quality services to their clients alongside their own remedies and solutions for GDPR and Cyber Security.
Some of the conversations we've seen explicitly join up ISO27001, ENISA, GDPR, PECR, DPA2018 and Cyber Essentials, particularly where people are interacting with the UK Government's new minimum cyber security standard. While there's lots to do to improve the dovetailing of these regulations and approaches, the number of people working together with this bigger picture is growing.
We welcome this holistic approach, and believe it will give businesses and individuals greater protections as a result. Individuals' rights will be better protected, and businesses will be more resilient to security and data breaches and their consequent business disruption.
Our PYXI for GDPR software gives you the means to manage the overlapping areas of Data Protection and IT Security, allowing you to keep on top of the requirements of both sides of this complex set of compliance issues.
PYXI GDPR Team: 10th Jul 2018 11:15:00