The EU General Data Protection Regulation (GDPR) is one of the most important changes to data privacy in 20 years. The regulation came into effect on 25 May and, regardless of Brexit, all UK organisations handling personal data need to comply with it.
Earlier in the year, research by the Federation of Small Businesses found that around two thirds (68%) of smaller businesses had either not started or were only in the initial stages of GDPR preparation. Worryingly, only eight per cent of small businesses had completed their preparations at that stage. Where previously the UK Data Protection Act 1998 (DPA) carried a maximum fine of £500,000 for serious breaches, under GDPR fines of up to 20 million euros or 4% of annual global turnover are now enforceable.
The Information Assurance for Small to Medium-sized Enterprises (IASME) Governance standard was developed over several years from a government-funded project to create a cyber security standard which would be an achievable alternative to the international standard, ISO27001.
PKF Francis Clark has reaccredited to the IASME Governance Standard, which includes the GDPR requirements as well as Cyber Essentials, which evidences that an organisation has carried out steps towards protecting business and data from internet-based cyber-attacks.
Because Cyber Essentials focusses on key technical controls, GDPR requires more than Cyber Essentials on its own. By certifying to the IASME Governance Standard, which includes the GDPR requirements, PKF Francis Clark has demonstrated that it has a wider governance system for management of the controls protecting personal data. The IASME Governance Standard adds a number of topics to Cyber Essentials that support GDPR compliance. These include assessing business risks, training staff, dealing with incidents and handling operational issues.
Richard Wilding, Head of Cyber Services, said: “PKF Francis Clark has already become fully accredited under IASME Gold and Cyber Essentials PLUS; the new IASME Governance standard demonstrates our commitment to the highest standards of data protection.
“We can help organisations protect themselves against cyber-attack. Many businesses feel they are too small to be prone; however, the evidence shows that SMEs suffer more than seven million cybercrimes a year. If you are concerned and are seeking a cyber security review, we would be delighted to help.”