Interesting Articles

Industry - Data Protection

The Information Commissioner’s Office has recently reiterated its message to businesses to “prepare for all scenarios” in light of the possibility that the UK leaves the European Union with no deal.

Personal information has been able to flow freely between organisations in the UK and EEA without any specific measures because there is a common set of rules for processing data under the EU General Data Protection Regulation. This two-way free flow of personal information will end if the UK leaves the EU without an additional agreement that specifically provides for the continued flow of personal data.

Regardless of Brexit, businesses will need to consider if they are currently transferring personal data to countries outside the EU, but Brexit brings in the additional complication that once the UK leaves Europe, additional measures will be needed to assure data transfers into the UK.

Hospitality PCI

Evolve North has worked on PCI projects for over 8 years, predominantly in the hospitality industry but also in other sectors such as transportation, housing associations and political parties. We specialise in helping clients reach compliance with the PCI DSS.

In a nutshell, we take clients through the minefield of completing the SAQ and ensuring they are operating in a compliant manner.

“We were recommended to use Evolve North to help us with our PCI DSS compliance.  Not knowing where to start but knowing we needed to start, Evolve North held our hand through the process making it less daunting and breaking it down into achievable segments.  They helped by assisting us with information governance, advising us on the best technical implementation and best practices and where best to prioritise our efforts to achieve maximum coverage.

They specifically helped guide me to achieve the PCI ISA qualification, which then enables our group to complete our own PCI SAQ.  

With Evolve North we held regular meetings to ensure we stayed focused and ‘on track’ and knowing they were also available at the end of a phone to answer those ‘quick’ questions when required was also comforting.    All through the process, I found Evolve North easy to work with and knowledgeable on all areas of compliance from PCI DSS to Data Protection”.  

- Kate Banks, Compliance Officer, Village Hotel Club

 

The Northern Information Governance Forum is a not-for-profit organisation based in the North of England which provides a community that allows the discussion of Information Governance and Cyber Security related issues.

Evolve North, NewcastleGateshead Initiative and Online Systems have come together to sponsor the launch event.

This event will host speakers from leading organisations including the Grosvenor Estate, Darlington Building Society and Evolve North. We’ll be covering a host of topics from Operation Resilience and Data Protection to Brexit and GDPR certification.

The NIGF has limited the event to 50 spaces, so don’t leave it too late.

 

Find out more.

Book your free space. 

 

The EU General Data Protection Regulation went live at the end of May 2018, followed closely by the new UK Data Protection Act 2018. Both have had significant implications for organisations handling personal data and for many, the last two years have been a time of making sense of the legislation, understanding what the legislation means for their business and trying to implement improvements where current practices have been found to be lacking.

Many of the organisations we’ve supported have made huge steps forward in data protection compliance, including improved practices around:

  • Ensuring their staff understand their obligations in relation to data protection and IT Security
  • Implementing a Privacy by Design approach to effectively managing information risks
  • Ensuring they have clear processes in place for dealing with data breaches 
  • Supporting individuals’ rights via clear privacy notices which document how individuals can exercise these rights
  • Improved technical security of systems processing personal data

However, there is still work to be done, and even where clear structures are in place for managing risks to personal data, it will be key that these are effectively rolled out and used across your organisation. The ICO’s One Year On update reported that its focus for the next year, alongside generally promoting and regulating data protection across the UK, will be on its key regulatory areas of:

  • Cyber security
  • AI, big data and machine learning
  • Web and cross-device tracking for marketing purposes
  • Children’s privacy
  • Use of surveillance and facial recognition technology  

As supervisory authorities across Europe start to use their strengthened powers to fine and prosecute organisations and individuals, it will be key for all organisations to remain focused on implementing improvements in all areas of Data Protection and IT Security through 2019-20 and beyond.