There is some confusion about the difference between personal data and sensitive personal data and even whether sensitive personal data exists as a term! So, let’s see if we can clarify the situation. Under the old 1998 version of the Data Protection Act (DPA) 1998 there was a term ‘sensitive personal data’. Under the GDPR […]
A key role of risk management is helping organisations decide how limited resources can be most effectively used to address the most pressing business issues, e.g. threats to information security. Where current resources are insufficient, risk management can help management decide on what extra budget or resources (including seeking help from third-party specialists) are required. […]
In our blog on risk management challenges for 2019, we referred to the perennial risk attached to suppliers, as third parties continue to be a major source of incidents. Linked to the Brexit issue, understanding the risks your suppliers face and the measures they are taking to mitigate those risks is vital. In this blog, […]
One trend we are seeing in the market at present is an increase in the use of JavaScript Sniffers (JS Sniffers). In short, these sniffers are a type of malicious code which is injected/placed into a website with the sole intention of stealing personal data, names, credentials etc. from customers using that website. Most recently, […]
The easy way (if it was available!) would be to certify to an approved GDPR certification scheme. The EU has stated that ‘Member states, supervisory authorities (such as the Information Commissioner’s Office in the UK), the European Data Protection Board (EDPB) and the Commission will promote certification as a means to enhance transparency and compliance […]
In a previous blog, we looked at ‘ISO 27001 – What is it and why should you implement it?’ In this blog, we want to dig a bit deeper on the benefits that are gained from implementing the standard and from achieving certification. We could come up with a hypothetical list of benefits, but we thought […]
There has been a lot said and written about the risks businesses are expected to face in 2019, but less about challenges of risk management and the process itself. Here are our thoughts on what we see as the key challenges : Legislation/regulation and the impact on your risk tolerance– In 2018, we saw a […]
Last year, we saw a significant advance in legislation/regulation surrounding data privacy and protection, (e.g. the GDPR and DPA 18) and cyber security, (e.g. the EU Network and Information Systems (NIS) directive). The new legislation will, undoubtedly, have an impact on your risk tolerance and balancing your ‘position’ against the impact of such legislation/regulation will […]
So, PCI DSS v4.0 has started its development journey and is expected to be released sometime late 2020. The actual release date will largely depend on the feedback received during the development review process. So what is the development process? From 6 September to 15 November 2017 (yes 2017!!!), the PCI Security Standards Council offered […]