SRM Solutions
The SRM Blog

GDPR
Don’t be complacent because GDPR has yet to show its teeth

When the General Data Protection Regulation (GDPR) was first discussed, there were headline figures about the size of fines. Where fines levied by the Information Commissioner’s Office (ICO) under..

Pen testing: why businesses need to be proactive not reactive ahead of the peak retail period

A breach at any time of the year is bad for business. But with the highest volume of sales – both retail and online – occurring between Black Friday..

Why get ISO27001 certification?

We are sometimes asked the question, why get ISO27001 certification? The answer is that the ISO standard, and ISO 27001 compliance in particular, demonstrates that your organisation takes information..

GDPR and data security in the gambling industry

This article first appeared in the Q3 edition of Casino & Gaming International (CGi) and appears here with their kind permission. As the implications of the General Data..

Pen testing: seeing both the wood and the trees

If recent well-documented breaches tell us anything it is that even organisations with large budgets and skilled cyber security teams can miss something. In spite of their best efforts,..

Cyber insurance may be null and void without ‘due care’

There is a worrying trend in the world of cyber safety. Many companies believe that cyber insurance will protect against any damage associated with a breach. It is vital..

Retained Forensics & Incident Response Service: how planning for the worst can add value to your business

By Paul Brennecker, Principal Security Consultant and Lead QSA. Paul Brennecker gave a presentation at PCI London on 5th July 2018 and this article first appeared in that event’s..

How phishing scams are getting schools into deep water

While many schools are concerned about the advent of the General Data Protection Regulation (GDPR) and what it means for the collection and holding of data, permissions and consent,..

Wondering where DPA and GDPR overlap? The Yahoo! ruling by ICO can provide some clarity

A recent investigation by the Information Commissioner’s Office (ICO) highlights an interesting aspect of the current system. Although the ruling against Yahoo! was announced on 12th June 2018, three..

The GDPR compliance fallacy

There is a curious irony that the enactment of the General Data Protection Regulation (GDPR), drawn up to protect the rights of individuals and their right to online privacy,..

The key to GDPR is common sense

By Tom Fairfax, Managing Director. It is not often that EU-wide legislation is likened to a children’s story. Consider, however, the story of Goldilocks and the three bears. When..

How PCI compliance puts you on course for GDPR

For a long time the General Data Protection Regulation has been looming on the horizon but in just a few short days it will arrive; a permanent aspect of..

PCI DSS: With charities gearing up for contactless payments what could possibly go wrong?

More than 40 organisations, including Macmillan Cancer Support, the NSPCC, the RNLI and the Church of England, have introduced technology which means that donations can be made with a quick..

Penetration testing: man vs machine

We already know that the concept of thinking like a potential hacker is the basis of penetration testing. But merely thinking like a hacker is not enough. We must..

GDPR: 10 key issues facing UK higher education

The world of higher education is about to be turned on its head. This is due to the imminent enactment of the General Data Protection Regulation (GDPR) which will..

GDPR: 10 key issues facing UK retailers

The law regarding personal data will change on 25th May 2018 when the EU General Data Protection Regulation (GDPR) comes into effect. Replacing the UK Data Protection Act 1998,..

Free live webinar: GDPR – the roles of manual and automated penetration testing

15:00 – 15:45, Thursday 8th March 2018. Have you tested to check your GDPR compliance? A key aspect of GDPR compliance is demonstrating that your systems are secure. Penetration..

Cyber Security Breaches Survey 2018 – shows that size matters and that numbers never lie

As with any statistical report, the numbers in the Department for Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2018 provide a dizzying variety of analytical options. However,..

GDPR compliance: key issues facing law firms

Only 25 per cent of law firms consider themselves to be compliant with the forthcoming EU General Data Protection Regulation (GDPR) which..

GDPR: the world will not stand still on 25th May 2018

The 25th May 2018 is not an end date. Far from it. It marks the beginning of a new era in data protection but one that will continue to..

Are you ready for GDPR?

It is one thing knowing that the General Data Protection Regulation (GDPR) is coming and that compliance is mandatory from 25th May 2018. It is quite another to know exactly..

GDPR: a question of confidence

In a recent interview with SC Media, Amazon Web Services (AWS) Chief Information Security Officer (CISO) Stephen Schmidt explains how his organisation is set up for full General Data..

Shipping news: how to manage a ransomware attack

Disproving the idea that there is no such thing as bad publicity, the shipping company Clarksons is doing its level best to limit the PR damage caused by a..

What is the password?

By Gerard Thompson, Information Security Consultant. With over 3,500 MPs, lords and staff, being a computer security administrator in the Houses of Parliament must be a stressful job. They..

Law practices are prime targets for criminals

PwC’s 25th Annual Law Firms Survey found that 73 per cent of respondents had suffered a security incident in 2016. These ranged from insider threats to the phishing of..

GDPR has been developed to protect us from breaches like Uber

The term ‘reputational apocalypse’ has been used about the recent news of the Uber data breach cover-up. It’s no exaggeration. 57 million sets of customer and driver data were..

UK research highlights the lack of Chief Data Officers at C-suite level

Research by the data science and marketing services company Profusion has revealed that UK businesses are falling behind their European counterparts. The report highlights the lack of Chief Data..

Women in IT

SRM’s GDPR specialist Melanie Taylor explains some of the challenges faced by women trying to get into the world of IT. ‘I don’t understand why a woman with a..

After GDPR, what will happen to ICO notification fees?

When the General Data Protection Regulation (GDPR) comes into effect in May next year it will not require organisations to notify the ICO about what data they hold or..

Client files on home computers must be encrypted

Barrister fined by ICO for data protection breach. A recent ruling by the Information Commissioner’s Office highlights the responsibility of professionals to safeguard client data held on their home..

It’s not a question of if, but when

Why board level commitment is a vital part of cyber defence. It is difficult to defend against an attacker who only needs to succeed once. Security systems might defend..

Today: new UK Data Protection Bill published

The new UK Data Protection Bill, published today, will come into force next May. As part of the multi-million pound National Cyber Security Strategy, the new legislation will effectively..

The Equifax breach and how it impacts the UK

Cyberattacks do not recognise national boundaries, as the latest breach concerning the US credit rating firm Equifax proves. So although the company has now reported the breach of 143..

How US internet giants are tackling the issue of GDPR compliance

It is rare that anyone ever feels much sympathy towards the behemoths of the internet, Facebook and Google. But spare a thought for these giants when it comes to..

Time running out for GDPR compliance

Time is running out for UK businesses. By 25th May 2018 every business, charity and organisation needs to be ready for the General Data Protection Regulation (GDPR). Because from..

What does GDPR mean to SMEs?

By Melanie Taylor, Information Security Consultant. “With less than a year to the deadline for compliance with the General Data Protection Regulation, all companies should have assessed what they..

Not all publicity is good, especially when it comes to data breaches

While most businesses are pleased to receive free publicity, spare a thought for Berkshire-based Boomerang Videos. Not only did the firm’s website suffer a cyber attack in 2014, but..

The new Data Protection Bill and GDPR

It’s official. It was widely expected that the EU data protection rules contained within the General Data Protection Regulation (GDPR) would be implemented by the UK, regardless of the..

Phishing and GDPR compliance

By Paul Brennecker, Principal Consultant, CISM | PCI QSA | PCI PFI | PCIP. There is a saying that a chain is only as strong as its weakest link. This,..

Ransomware – could it be you?

Complacency has always been the enemy of safety; in today’s world, we are all vulnerable! The digital (cyber) environment may sometimes be opaque and difficult to understand, but it..

No breach too small – the ICO takes action against charities

In December 2016 the Information Commissioner’s Office (ICO) fined a historical society £400 after a laptop containing personal data was stolen while a member of staff was working away..

Data protection – the gap widens across the Atlantic

Data protection is a global issue. Yet it is being approached in very different ways on either side of the Atlantic. While Europe and Britain will embrace the more..

Prevention and cure: working out an information security budget

The Chancellor recently announced a £425 million government investment in the NHS over the next three years. While pundits speculate on what this will actually mean for our vital..

The uncertainty of Brexit, the certainty of GDPR and the responsibilities of the CISO

As Britain navigates its way through the choppy waters of Brexit, there is a great deal of uncertainty about exactly what form our new relationship with Europe will take..

If Brexit means Brexit, what does GDPR mean?

Politicians do tend to favour soundbites and Theresa May is no exception. So when she said that “Brexit means Brexit” some nodded their heads as if this simple statement..

GDPR: the impatient tiger

General Data Protection Regulation (GDPR) is an impatient tiger. That is, it has many more teeth and much less patience than its predecessor, the comparative kitten that is..

If the UK votes to leave the EU, will we still have to comply with GDPR?

The 23rd June referendum is fast approaching and it is getting increasingly difficult to get simple answers to simple questions. As we think about how we will vote, just..

Navigating the minefield of info-security compliance

A company trying to navigate the minefield of info-security compliance may think of it as a daunting task. On one side is PCI DSS and Data Protection while on..

PCI DSS is a useful tool in GDPR compliance

By Paul Brennecker, Principal QSA, PCI PFI, PCIP. The countdown to European-wide data protection is on. But while some businesses will be anxious about how to ensure compliance with..

Learning to love the new EU cyber security regulations

2015 ended on a bombshell of legislative changes creating an air of unwelcome uncertainty for businesses. Yet, they need not be a cause for concern. The announcement of the..

Understanding the role of Chief Information Security Officer (CISO)

Making a case for the VirtualCISO. Few company directors have a deep knowledge of corporate law, or a detailed understanding of investment planning or tax implications. They employ offsite..

GDPR and the strengthening of individual data protection rights

By Chris Ince, Information Security Consultant. “The processing of personal data should be designed to serve mankind.” (Council of the European Union, 2015) On 8th December the European Parliament, Council..