Data Protection Audit

Data Protection Audits

Need to carry out a Data Protection Audit, but there’s little or no internal resource available?

Data Protection Compliance can be daunting to many small, medium and Blue Chip organisations in the UK. We know and understand from our clients that having the resource to carry out an internal Data Protection Audit may not be possible and, if done incorrectly, could cost your business thousands of pounds. For many businesses, the realisation that they are not compliant suddenly becomes a threat.

Knowledge is key to carrying out a thorough Data Protection Audit. BEP Systems have a team of experienced Advisors, so you can feel assured knowing that your data is in safe hands.

Download the Information Commissioner’s Office – Guide To Data Protection and A Practical Guide to IT Security

Introducing the Data Protection Health Check

Knowledge is key to carrying out a thorough Data Protection Audit. BEP Systems have a team of experienced Independent Data Protection Advisors who will initially discuss and propose a plan to initiate the Data Protection Health Check, which can be specifically tailored to meet the needs of your organisation. Following the initial consultation, BEP offer a fixed price so you can be assured that there will be no extra charges – a cost-effective solution to enable your company to become Data Protection compliant.

The Health Check will identify the types of personal information held and processed by your organisation and assess the risks associated with them. This includes an assessment of the following:

  • Policies and procedures relating to information management
  • How personal information is collected
  • Processing of personal information
  • Maintenance and retention of personal information
  • Technical and organisational security

The resulting report will highlight risk areas, recommend solutions tailored to your business and set policies designed to minimise exposure from non-compliance.

Following the initial Audit, BEP provide Training and Advice for next steps as required.

You’re just a few steps away from total DPA compliance. To talk to us directly, call 01295 722851 or Request a Call Back

The Business Case

Businesses today face a growing range of information security threats, and ensuring compliance with legal requirements such as the Data Protection Act 1998 can be challenging. Few small and medium-sized enterprises (SMEs) apply sufficient controls to safeguard their sensitive information, and many are inclined to regard security as “someone else’s problem”.

In May 2008 the Data Protection Act was amended to give the Information Commissioner the power to fine organisations in cases of poor data handling. The Commissioner is now able to levy fines of up to £500,000 for serious breaches of the Act. It is possible to receive a criminal conviction and a fine of £5,000 simply for not notifying the ICO that your organisation processes personal data. Added to this, the media are alert to data protection breaches, creating nervousness among business leaders over bad publicity.

Whilst most highly publicised losses have been from large, publicly owned organisations, there are a significant number of smaller businesses whose failure to secure customer and staff information has led to them being publicly reprimanded by the Information Commissioner (ICO).

Between October 2010 and January 2011, hackers accessed the payment details of 5,000 of cosmetic retailer Lush’s customers due to weaknesses in their website. Tunbridge Wells Equitable Friendly Society Limited had to sign a public undertaking when they accidentally sent an account statement to the wrong person. Thefts of paperwork and unencrypted laptops continue to infuriate the ICO, with a recent statement from Acting Head of Enforcement, Sally Anne Poole, stating:

“The ICO’s guidance is clear: all personal information – the loss of which is liable to cause individuals damage and distress – must be encrypted. This is one of the most basic security measures and is not expensive to put in place – yet we continue to see incidents being reported to us. This type of breach is inexcusable and is putting people’s personal information at risk unnecessarily.”

There is an ever-growing risk of security breaches, due to lax security controls or staff error, leading to financial and reputational damage. This is being recognised by larger organisations that subcontract work to SMEs, many of whom now include more stringent contractual terms, passing on the risks and embarrassment of loss to their contractors.

BEP Data Protection Services:

  • Data Protection Health Checks
  • Data Protection Health Checks for SMEs
  • Bespoke Data Protection Audits
  • Information Risk Analysis
  • Website Compliance Audits
  • E-commerce Compliance Audits
  • Marketing Compliance Audits
  • HR Compliance Audits
  • Information Security Policy
  • Information Privacy Policy
  • Telephone and E-mail Support
  • Staff Training and Awareness

Click here to request a call back or telephone 01295 722851 to discuss how BEP can help your organisation achieve DPA compliance quickly and cost-effectively.

Useful links

The Data Protection Act 1998 can be downloaded in full here: The Data Protection Act

This is the Information Commissioner’s guide to the Data Protection Act

Finally, here’s a link to the Information Commissioner’s Office