Audit

3 Free Information Security tools

Posted on

Part of GDPR is protecting users’ data; businesses are obliged to think about privacy when designing systems. Protecting data is also common sense. Who would deal with a business that can’t reliably store data? This post is about using some practical (and free) tools to reduce risk for a small business. In the world of […]

Compliance

Big Data : The New Oil or Nuclear Waste?

Posted on
Data leaking is like nuclear waste leaking. Once we believed that big data would drive new industries by monitoring data freely. Now we see it's a bit more complicated.

We have been told that big data usage will differentiate successful businesses from failures. That is probably true, but not only as “the new oil” driving innovation. Perhaps data is more like nuclear waste: it costs a fortune to store, and when it leaks…? The new oil arguments for using big data are well known: […]

ISO 27001

Measure Customer Centricity with Staff Surveys

Posted on

Many organisations include customer centricity and customer-first as strategic business goals in their annual reports and marketing collateral. Management systems will often be put in place to track customer-centric business metrics (KPIs) and respond to improvements or degradations in the quality of service delivered. Management systems are often complemented by sanity checks to discover what actually happens on the […]

Documentation

A quick and simple Customer Experience maturity questionnaire

Posted on

Organisations normally have very laudable goals about customer centricity in their annual reports and strategic documents.  A strong management system would always involve some sanity checking of what actually happens on the ground to implement the strategy.  This would include some kind of mystery shopping as well as customer and staff surveys, to measure and track what level of […]

Compliance

GDPR enforcement and compliance mechanisms

Posted on

Naturally, any regulation which outlines rights for data subjects and responsibilities for data controllers and processors needs enforcement and compliance mechanisms. Enforcement & Compliance structure: In each member state there is a national supervisory authority, which is the first port of call in that territory for GDPR enforcement. These national authorities are assigned specific tasks as well as a number of investigative, corrective and advisory powers when overseeing organisations […]

Audit

First five questions for GDPR compliance

Posted on

When confronted with the looming deadline of May 2018 for GDPR compliance, there are five big questions any organisation should ask. Who deals with personal data in your organisation? Individuals or departments, whichever is appropriate. What data do you gather across the organisation? List it out; there may be repetition, which can be rationalised later. Why is the data collected or processed? Different users may have […]

Compliance

Data Controllers or Data Processors in GDPR?

Posted on

In order to vindicate data subjects’ rights, the GDPR defines two new roles for organisations: Data Controllers and Data Processors. This post will outline the roles and obligations for both under the GDPR. Controller or processor: Controllers are those who determine the purposes and means of processing personal data. Processors are those engaged in processing personal data on behalf of controllers. To decide of […]

EU GDPR

GDPR shifts the balance of right to individuals

Posted on

In legislating for the GDPR the European Union codifies the primacy of data protection in European law. EU law will grant enhanced rights to EU citizens  and residents (Data Subjects) which are superior to those enjoyed by citizens or residents of any other major state.  These rights can be summarised under two broad headings as the “right of access” and “right to […]

Documentation

Maintenance and operation of an ISO 27001 ISMS

Posted on

Successfully completing an ISO 27001 certification places great demands on an organisation. The announcement of success is normally treated as the end of a difficult journey, and can be a time when attention turns to other pressing matters. However, the real job, the real value-generating part of ISO 27001, now starts. This is where the organisation reaps the rewards of a well […]