
A breakdown of the GDPR’s six data processing principles

The Regulation stipulates that infringements of “the basic principles for processing, including conditions for consent” are subject to the highest possible administrative fines – up to €20,000,000 or 4% of global annual turnover, whichever is greater. If any detail can get the attention of the people who need to understand this, it is likely that potential fines of that scale will do the job. The …

ISO/IEC 27701 and the privacy information management system requirements

ISO/IEC 27701:2019 is the international standard for privacy information management. It is structured in the same way as ISO/IEC 27001, running from the establishment of the privacy information management system (PIMS) through to its review and adaptation. There are also sections on performance evaluation and improvement. Addressing the requirements in this order, though, is not a requirement in …

GDPR compliance and managing personal data internationally

To enforce the Regulation outside the bounds of the EU, the GDPR has a number of elements designed to control how organisations within the EU are able to transfer personal data internationally. The term “third countries” is not defined in the GDPR but comes from the EU’s primary treaties in order to refer to countries that are not party to those treaties. It is a common term in EU law and is …

What is an EnMS (energy management system) and why should we invest in one?

This pocket guide gives a practical but strategic overview for leadership teams of what an energy management system (EnMS) is and how implementing one can bring added value to an organisation. It is not a ‘how to’ book but explains why starting the ‘do’ is a good strategic decision. Energy management is, in one sense, not so much about energy but rather the management of resources. This doesn’t …

NIS Directive – The EU’s Directive on security of network and information systems

Technology has brought us into a world that many of us only poorly understand. While we may have some grasp of this technology, there is often a lack of real understanding as to how these technologies work and interact. A few decades ago, we understood that if the water levels fell then the hydroelectric plant would not be able to generate electricity. We knew that interchanges connected our …

The psychology of compliance

The human decision-making process is a favourite subject of psychologists and economists. Historically, they adopted an approach of viewing human behaviour as regular and highly predictable. This helped researchers to build various models in order to comprehend social and economic phenomena. Such systems were compared by Karl Popper to reliable pendulum clocks. One can take them apart and …

Protect your organisation by building a security-minded culture

Human behaviour is complex and inconsistent, making it a rich hunting ground for would-be criminal hackers and a significant risk to the security of your organisation. In Build a Security Culture, security consultant and trainer Kai Roer discusses the human and cultural factors in organisational security, and explains how to ensure your organisation is set up to manage and deter malicious …

A concise guide to PCI DSS v3.2.1

All target dates for compliance with the PCI DSS have long since passed. The Standard is now on its third version, with the fourth in development with a predicted release date of Q4 2020. It is likely that v3.2.1 will be withdrawn around the end of 2021. Many organisations around the world – particularly those that fall below the top tier of payment card transaction volumes – are not yet …

A guide to implementing and auditing ISO 27001

Information is one of your organisation’s most valuable assets. The objectives of information security are to protect the confidentiality, integrity and availability of information. These basic elements of information security help to ensure that an organisation can protect against: sensitive or confidential information being given away, leaked or otherwise exposed, both …

Five must-read books on cyber security

Books are a great way of increasing your cyber security knowledge, but with thousands to choose from, it’s difficult to know where to begin. To help you get the best information available and enable you to advance your cyber security career, we’ve chosen some of our best titles for you.

Security in the Digital World

Technology is always developing, and so are the threats and risks of being …