New data protection regulations have post-Brexit trade implications
In anticipation of the introduction of GDPR (General Data Protection Regulation), a stricter, EU-wide version of the current Data Protection Act which comes into force in May 2018, PKF Francis Clark have got ahead of the game by achieving a Gold Standard IASME accreditation for cyber security, the highest of the four levels of accreditation available.
IASME (Information Assurance for Small and Medium sized Enterprises) is one of the 5 accreditation bodies set up by the UK Government to roll out the Cyber Essentials Scheme, which provides a set of five controls that organisations can implement to achieve a baseline of cyber security – boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management.
The IASME Governance standard, based on international best practice, is risk-based and includes aspects such as physical security, staff awareness, and data backup. The IASME standard was recently recognised as the best cyber security standard for small companies by the UK Government.
The IASME Governance self-assessment includes the Cyber Essentials assessment but goes further in helping with GDPR compliance by adding assessment of business risks, staff training, dealing with incidents and handling operational issues.
Richard Wilding, Head of Cyber Security Services at PKF Francis Clark, said:
“Under GDPR every organisation processing personal data must carry out safeguards against loss, theft and unauthorised access. Respect for privacy, security of data and awareness of breaches will be key. There are changes in reporting breaches and the definition of personal data.
“GDPR will be more robust in its protection of personal data than anything we have previously seen and businesses will be more accountable with potential fines of up to €20 million or 4% of global turnover.”
“This accreditation is important in a number of ways. Firstly, for PKF Francis Clark, it sends out a clear message to our clients that their data is as safe with us as it can be.
“Secondly, by achieving the Gold Standard we have also become a Certification Body and can now help other businesses achieve accreditation.
“This is significant for post-Brexit trade with the EU as it is likely that any organisation proposing to offer goods and services to EU member states will need to comply with the GDPR from May 2018. IASME offers the option to be assessed against GDPR requirements as part of the IASME Governance assessment. Although this is not guaranteed full compliance, it gets organisations most of the way along the path.”
Any businesses or organisations that need help and guidance with Cyber Essentials or want more information about IASME accreditation should contact PKF Francis Clark.