
The General Data Protection Regulation (EU) 2016/679 (GDPR) is an EU regulation which came into effect on 25 May 2018 and set a new benchmark for the processing of personal data. It applies to any...

Under the UK General Data Protection Regulation (UK GDPR), the majority of organisations processing personal data are required to create and maintain a formal record of processing activities (ROPA)...

Let’s face it, there is nothing straightforward or simple about responding to a data subject access request (DSAR).

In this blog, we will discuss the importance of ensuring that your whole organisation can identify a DSAR, the benefits of controlling the entry points of DSARs and creating a centralised DSAR process

This blog looks at the requirement within both the DPA 2018 and the GDPR to verify the identity of an individual making a request before acting or releasing information. Our clients are regularly...

A question we are increasingly asked is ‘Is there a catch-all international standard that effectively proves external verification of data protection compliance?’ It would be great if the answer to..

The easy way (if it was available!) would be to certify to an approved UK GDPR certification scheme. The Data Protection Act 2018 gave the UK’s privacy regulator, the Information Commissioner’s...

We have seen an increased focus on the General Data Protection Regulation (GDPR) by certification body (CB) assessors when conducting ISO 27001 audits. In the past, assessments typically focused on..
As a PCI QSA, URM can assist you with a range of services, including conducting gap analyses, helping you reduce your CDE scope, conducting penetration tests an
URM can offer a host of consultancy services to improve your DP policies, privacy notices, DPIAs ROPAs, privacy notices, data retention schedules and training programmes etc.
As a long-established PCI QSA, URM is able to deliver a full PCI QSA-led audit and produce a report on compliance (RoC) as well as deliver a full QSA-led self-assessment questionnaire (SAQ)