GDPR: What is it and why is it important?

What is GDPR?

The General Data Protection Regulation (GDPR) is Europe’s new framework for data protection laws. GDPR replaces the previous 1995 data protection directive, which current UK law is based upon.

It introduces tougher fines for non-compliance and breaches and gives us all more say over what companies can do with our data. On top of this, it also makes data protection rules more or less identical throughout the EU.

Why was GDPR drafted in the first place?

The new law has two aims. First, the EU wants to give people more control over how their personal data is used. This is down to the practices of companies like Facebook and Google, who often swap access to their services for users’ data. 

The current Data Protection Act was enacted before the internet, making it easy to exploit data using new technology. GDPR seeks to address this. By strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in the digital economy.

Second, the EU wants to give businesses a clearer legal environment to operate in. It’s estimated that making data protection law identical throughout the single market will save businesses a collective €2.3 billion a year.

When will it apply?

GDPR has applied to all EU member states since 25 May 2018. 

Who does it apply to?

According to the EU, ‘controllers’ and ‘processors’ of data need to follow GDPR rules. Let’s dig into those terms a little. 

A data controller is the party responsible for how and why data is processed. This is usually your business itself. A processor is the party responsible for the actual handling of the data.

Using a third-party contractor for processing your payroll is a great example of this. Your business tells the payroll company when wages should be paid, how much each employee should receive, and if anyone leaves or joins. The payroll company provides the IT system and stores your employees’ data. In this situation, your business is the controller and the payroll provider the processor.

Even if controllers and processors are based outside the EU, GDPR still applies, so long as they’re dealing with data belonging to EU residents.

It’s your responsibility as a controller to ensure the processor follows the rules. Meanwhile, processors must keep records of their processing activities. There’s a big incentive to do this. Under GDPR, the penalties are much more severe than they were previously.

How can Cyber Essentials help with GDPR?

While your organisation needs more than Cyber Essentials to comply with GDPR, it’s a great first step. Cyber Essentials certification is evidence that you have taken steps towards protecting your data from cyber attacks.

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.


Why every company should get Cyber Essentials

How does Cyber Essentials benefit MSPs and their customers?

Cyber Essentials

Cyber Essentials is a UK-Government-backed cyber-security scheme which encourages businesses to take steps in order to prevent and protect themselves against the threat of cyber-attack. What you might not be aware of, however, is how beneficial a Cyber Essentials certification can be for managed service providers (MSPs) and their customers.

How to get Cyber Essentials certified

According to the official Cyber Essentials statistics, nearly half of businesses reported a cyber-attack in the past 12 months. This is why the scheme is dedicated to helping ensure businesses stay secure.

The Cyber Essentials certification serves as proof of your IT resilience, educating businesses across all sectors on the best way to protect themselves from a range of the most prevalent and threatening cyber threats. The Cyber Essentials certification is not just an award, but an ongoing education and protection process in which a business must put in place a range of security procedures and policies which help ensure sufficiently high levels of cyber-security within their IT infrastructure.

This helps prevent the risk of your business facing a cyber-attack, as well as ensuring that you have the infrastructure in place to appropriately counter and recover from an attack in the event of a disaster.

How does Cyber Essentials benefit MSPs’ customers?

The threat of cyber-attack is heightened as an MSP or reseller and poses a very real threat to your customers, as well as your business. In order to tackle this, as an IT reseller you can position yourself as a cyber-security specialist, working with your customers to help them achieve a Cyber Essentials certification and transform their IT resilience.

This presents an incredible opportunity for you to add value for your customers and demonstrate your technical knowledge, helping them to make changes within their IT that will build their tolerance and tackle basic weaknesses and exploits in their infrastructure, preventing thousands of pounds’ worth of damage and threats to the survival of their business.

If you have any questions around Cyber Essentials and our partner hub or just want to have a chat, drop us a line at hello@cybersmart.co.uk.

This article was previously published by Marathon PS – one of our first partners.


Cyber security policies 101 – information security policy

Information security policy

Cybersecurity and data protection can seem overwhelming. There’s a glut of advice on the internet, but it’s difficult to know where to start. At CyberSmart, we believe cybersecurity should be accessible and easy for everyone. So we’ve compiled a series of useful policies and procedures to help you find your way through the cyber-compliance jungle. This time, we’re looking at how to set up an information security policy.


Five simple steps to (actually) securing your company’s sensitive information

Ignore this at your peril…

You’ve built a business, solved a problem, hired a team and planned for your future. There’s only one thing that can bring your empire crashing down before you can say “two-factor authentication”, and that’s a data leak. Since we’re literally obsessed with security, we’ve brought in the big guns — Jamie Akhtar of CyberSmart — to get you back on track.


Cyber Security 101 – Passwords

Passwords

Cybersecurity and data protection can be overwhelming. There’s an enormous amount of advice on the internet, but it can be difficult to know how to get started. At CyberSmart, we believe that cybersecurity should be accessible and easy for everyone. So we’ve created a series of guides on how to protect your data. This week, we’re tackling passwords.


Ciao Compliance™ – Traditional compliance is dead

Compliance

In cyber, traditional compliance models are ineffective, inefficient and can sometimes cause a headache. So we decided to say CIAO to traditional compliance.


Cyber Essentials and Charities

Charities

We are thrilled to be partnering with IASME and Tresor Security to offer discounted Cyber Essentials Certifications for £225 plus VAT (instead of £300 plus VAT) and FREE platform use for one year for registered charities.


One more GDPR post

At every cyber security event, people talk about the new General Data Protection Regulation (GDPR). It seems as if the cyber security industry is obsessed with this new law and makes sure that everyone else knows about it too. Companies, consultants and lawyers are hopping on the GDPR train, because there is a significant opportunity for new services and products. However, there are also a lot of misconceptions and scaremongering going around, which is stereotypical for the cyber security industry.


Cyber Security 101 – User Access Control

User Access Control

Cybersecurity and data protection can be confusing. There’s a wealth of information out there, but what’s good advice and what’s bad? And how do you get started once you know what you need to do? At CyberSmart, we believe that cyber security should be accessible and easy for everyone. So, we’ve put together a set of simple guides to help you get started. This time, we’re talking user access control.
