You have decided you need ISO27001 certification – what happens now?

ISO27001 is the international standard for Information Security, and there are several reasons for deciding that certification is a business requirement. For some companies, it becomes a requirement to get shortlisted for new work. For others, it can be a way for management to ensure good security practices are in places as they grow or… Read More

Password protecting your Word, Excel, PowerPoint and PDF files #MSOffice

A discussion about security measures with an SME I have been working with highlighted the need to provide some tips on how to protect files. They wanted to add passwords but were not sure of the best way to do this. So here is the way to do it in MS Office applications for Office365.… Read More

How to track down your personal data (Data Mapping)

One of the early stages to prepare for the General Data Protection Regulation (GDPR) is identifying the Personal Data you process; this blog provides a framework to build a Personal Data Inventory. An inventory is not a requirement of the GDPR, but it is a good way to build up a picture of the personal… Read More

Legitimate Interests – 3 part test

Legitimate interests (LI) is one of the lawful basis for processing personal data. The ICO say it is appropriate “where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing”. The three parts to the test to identify a LI have been… Read More

Accountability and Governance – Documentation #GDPR #DPB

Details of documentation requirements for Accountability and Governance under the GDPR and Data Protection Bill are on the ICO website. A mind map has been created to act as a quick reference. Click on the image to view the full-size mind map. You can use the Checklist on the ICO website page to track what… Read More

It was bound to happen…was it a problem?

  Along with death and taxes, one of the things that will happen to almost everyone in the UK is losing access to a vital lifeline, aka your mobile phone. And when that happens, are you going to be in for a frantic four-hour session to get back to normal, or will it be relatively easy. … Read More

My top 3 items from the Information Commissioner’s fireside chat

On Tuesday 17 October I was at IAPP’s ‘fireside chat’ with Elizabeth Denham, the Information Commissioner. The top 3 items for me were: GDPR certification – details to be published in early 2018, the ICO is leading the work on this in WP29. The Commissioner thought it should be based on Accountability and mentioned the approach… Read More

The impact of the GDPR on sending emails and networking

On 25 May 2018 the General Data Protection Regulation (GDPR) replaces the Data Protection Act (DPA). The aim is to give individuals more control over how their personal data is used and get businesses to be more transparent over how it will be used. The UK Government have confirmed that Brexit has no impact. Businesses… Read More

How interested do parties need to be?

Early on in the ISO27001:2013 standard, page 1 section 4.2 to be precise, is ‘Understanding the needs and expectations of interested parties’. An organisation needs to determine the parties relevant to their information security management system (ISMS) and what requirements they could have for information security. The standard helpfully notes that requirements may include legal and regulatory… Read More

Wetherspoons stop monthly newsletters – GDPR related?

This morning I received an email from Wetherspoons – I am a customer and did sign up to receive updates – saying they will no longer be sending emails as many consider this intrusive. I agree that some people can find this intrusive, but at the same time think this could be part of their General… Read More