Are You Confident With GDPR Compliance?

Dealing with IT Compliance and GDPR can seem like a daunting mission. Luckily, you don't have to go it alone. Let BCS assist you on your Compliance journey, and help you become GDPR certified.

What is GDPR and what does it mean for my business?

We have all heard about the General Data Protection Regulation (GDPR), which came into effect on 25 May 2018. But what does it mean for your business?

In essence, GDPR exists to protect personal data, ensuring that it is requested in the correct way and handled ethically and securely. If your organisation collects or handles customer information, then you are considered a Data Controller under this legislation. This means you have a duty to strictly follow GDPR; otherwise you could face fines of up to 4% of the global turnover of your business.

As stated on the official GDPR website, Personal Data can be defined as:

Any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies and political opinions can also be personal data. Pseudonymous data can also fall under the definition if it is relatively easy to identify someone from it.

It is your responsibility to ensure that you and your staff are GDPR compliant, which can be daunting for most SMEs. Luckily, we have the IT technology and know-how to guide you along the GDPR path.

How do you maintain these GDPR standards within your business?

We have a dedicated Security & Compliance team to help you implement accurate and up-to-date GDPR policies, instead of relying on vague and incorrect templates from the internet. As well as this, if you were to experience a Data Breach, we can help you notify the ICO within the 72-hour period, giving you the support and advice you will need to avoid breaking GDPR law.

In addition, our bespoke Education platform offers a host of GDPR Compliance training. It is so good that we make sure every BCS employee undergoes the training before starting their role with us. It is the perfect way to empower your staff, arming them with the knowledge of how GDPR affects their day-to-day role.


How can PCI-DSS compliance support your GDPR procedures?

The Payment Card Industry Data Security Standard (PCI-DSS) was set up by the world’s top five credit card companies.

If you take card payments, then you must comply with the following strict security requirements:

  1. The network in which transactions are conducted must be secured and maintained
  2. Cardholder information (PII) must be protected and stored securely, in both physical and digital form
  3. Systems must be effectively protected against cybercriminals and kept free of malware and viruses
  4. Access permissions must be applied to systems, with access restricted and controlled
  5. Networks must be monitored and tested regularly for security effectiveness
  6. Information security policies must be implemented, kept up to date and made clear to all parties

It might seem excessive, but it could be the difference between business success and being fined up to £100,000 per month. Get in touch today to start your Compliance journey.

Become Cyber Essentials Plus Certified

Protect your organisation against cyber-attacks with this Government-backed scheme. Cyber Essentials helps you guard against the most common cyber threats and demonstrate your commitment to cyber security. It shows your customers that you take cyber security seriously and might even help you close that deal!

There are two levels of certification: Standard Cyber Essentials, which involves a self-assessment questionnaire that anyone in your organisation can complete, and Cyber Essentials Plus, which requires an independent review by an external auditor experienced in cyber security. To gain these certifications, you are required to provide evidence for five technical controls: Firewalls, Secure Configuration, User Access Control, Malware Protection and Security Update Management.

Cyber Essentials certification is reviewed annually, so it is essential to keep on top of any new requirements that may be introduced.

Let us fix your GDPR Compliance headache

We know all this compliance talk can be a lot to process; you have a business to run, after all. Let us do the heavy lifting and help keep your business GDPR compliant and secure.
