The GDPR creates some new rights for individuals and strengthens some of the rights that currently exist under the DPA. The GDPR provides the following rights for individuals:
In my last blog (https://www.fifthstep.com/node/213) I wrote that Cyber Security and Business Continuity should ideally work together to streamline a well-coordinated response to any attacks or data breaches, minimise costs and protect reputation. In this blog I will look at specific pragmatic actions that would be required to achieve this integration.
London, 9th August 2017 - A new book, The Little Book of GDPR, about the EU General Data Protection Regulation (GDPR) provides information, not only about data rights, but also how IT teams and businesses can get their organisation onto the path to compliance. The easy-to-read 70-page book, which can be purchased on Amazon for £10.99, is far more than a bluffer’s guide to the subject but is written in such a way as to demystify what can be an often frustratingly complex subject.
While it is not possible to be 100% secure from a cyber-attack, there are a number of measures companies can take to reduce the risk of it happening – and to help ensure they minimise the consequences and recover more quickly should a breach occur.
No matter which way you voted in the Brexit referendum, if you are involved with a business that operates internationally (and most businesses these days have some international element), then you're going to be looking at what Brexit means for your organisation, what the risks may be, but also what the opportunities may be. Before going too much further, I feel it is important to say that this won't be another article suggesting that we all curl up into a ball until it is all over, or run around like headless chickens because the world is about to end - I really don't believe that is the case, or that those kinds of articles help companies approach things in a positive way that allows them to move forward.
This week saw an international and well-known law firm fall victim to a malware attack. Whilst they were not the only organisation to suffer from attacks recently, law firms (like those in the financial services sector) trade on their reputation, expertise, and their ability to maintain confidentiality, all of which have doubt cast upon them in the wake of a cyber attack. As in the physical world, it is not possible to provide absolute security against a highly motivated attacker, but there are steps that firms can and should be taking to protect themselves and their reputations against cyber attack. These are the 5 steps that Fifth Step recommends.
In Europe, the data subject gives the company to which they provide their data the rights to use that information for a specific and stated purpose.
On the Saturday morning of the recent holiday weekend, BA’s computer systems suffered an outage. The details are not public, although there is a suggestion that there was a power surge in one of BA’s data centers that caused damage to hardware. Whilst the why is important to BA’s technicians, who will have been working all over the holiday weekend to resolve the issue and subsequent fallout, the more interesting lessons come from looking at what can be learned from the incident as a whole.
Darren Wray was recently invited to write a blog for the Chartered Insurance Institute on the subject of the General Data Protection Regulation (GDPR). What does it all mean for the insurance sector?
When people think about business continuity events, they think about disasters, hurricanes, floods and the like. But business continuity planning needs to take into account events of all types.
London, 12th May 2017 - It’s not often that a hospital can be considered the patient, but that is exactly what is happening today with the news that the UK’s National Health Service has suffered a cyber security incident, with many hospitals around the country infected with ransomware.
The change agenda for most organisations, particularly those in highly regulated sectors, has been at increasingly high levels for the last few years, with requirements like Solvency II, MiFID II, FATCA, EGRPRA, Dodd-Frank, GDPR, NYCRR500 and the London Market Target Operating Model (TOM) to name some of the larger regulatory requirements and market initiatives, all of which must be done alongside the organisation’s own changes and improvements. It’s really no wonder that project teams are overloaded, and in many cases under-resourced to implement the changes required.
Why are so many risk and insurance professionals taking the impending General Data Protection Regulation so seriously when we’ve had data protection in Europe for years? Read this Darren Wray article written for industry-leading title Insurance Day to find out.
Modern businesses are more regulated today than they have ever been, and despite political campaign speeches in both the US and Europe, there seems to be little change in the landscape for as far as the eye can see. What’s more, the regulation is coming to ever smaller organisations who today are facing a burden that at the turn of the millennium was borne by organisations several times their size. For those operating in the highly-regulated sectors of Financial Services, Law, and Pharmaceutical, I believe that there are 5 pillars that every organisation needs to be addressing.