Cyber | Information Security Consulting

How to get Cyber Essentials Certification

Posted by christie O on  August 20, 2018


I get calls from clients saying, “We need to be certified for Cyber Essentials.

We need it to bid for tenders.” So I ask them, “What tenders?”

They mostly reply, “Government tenders.”

I say, “OK, that’s a start. Why not look at it from the perspective that we want to be Cyber Secure?

We want to protect our infrastructure, reduce the risk and impact of a Cyber attack, and make it part of your best practice.”

Now I explain the differences between Cyber Essentials Basic and Cyber Essentials Plus.

This is a government initiative assisting businesses to be Cyber Secure. The government launched this scheme on 5 June 2014.

Cyber Essentials Basic consists of answering a self-assessment questionnaire from a certification body; your answers are assessed and you will be issued a Cyber Essentials Certification if there are no compliance issues.

To achieve Cyber Essentials Plus, your organisation must first have achieved Cyber Essentials Basic. The next step is that an auditor appointed by a certification body will conduct a vulnerability scan of your IT infrastructure.

Benefits of Cyber Essentials

It can give your business a competitive advantage; your clients will feel assured that you are keeping their information safe.

Cyber Essentials Certification will enhance your brand.

It protects against typical cyber threats.

It puts you in good standing to get that government contract.

More information on our website

General Data Protection Regulation (GDPR)

Posted by christie O on  August 20, 2018

General Data Protection Regulation (GDPR): what’s it all about?

The countdown has begun; here is a brief overview.

The new GDPR is meant to protect the privacy and data of all EU citizens. The new General Data Protection Regulation (GDPR) will come into force on 25th May 2018. In the data-driven world in which organisations operate, this is a crucial change, superseding the UK Data Protection Act 1998. The major changes are in how they affect organisations and their operations. When the GDPR takes effect it will replace the Data Protection Directive (officially Directive 95/46/EC). General Data Protection Regulation (“GDPR”), the Article 29 Working Party (“A29WP”)

Who does the GDPR apply to?

The GDPR applies to ‘controllers’ and ‘processors’ in all types of organisations. The definitions are broadly the same as under the DPA – the controller states how and why personal data is processed and the processor acts on the controller’s behalf.

When does the right to data portability apply?

The right to data portability only applies:

  • to personal data an individual has provided to a controller;
  • where the processing is based on the individual’s consent or for the performance of a contract; and
  • when processing is carried out by automated means.


Valid consent must be explicit for the data collected and the purposes for which the data is used (Article 7; defined in Article 4). Consent for children must be given by the child’s parent or custodian, and be verifiable (Article 8).

Data controllers must be able to prove “consent” (opt-in), and consent may be withdrawn.

Data Controller

The majority of the changes apply to data controllers. Organisations enforced by the data controller must designate a Data Protection Officer. The data controller has the responsibilities of processing and monitoring of data subjects. We are talking about automated data here.

Who is the data controller?

A data controller is the individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files.

Data Subject

Article 10

Member States shall provide that the controller or his representative must provide a data subject from whom data relating to himself are collected with at least the following information, except where he already has it:

(a) The identity of the controller and of his representative, if any,

(b) the purposes of the processing for which the data are intended,

(c) any further information such as

  • the recipients or categories of recipients of the data;
  • whether replies to the questions are obligatory or voluntary, as well as the possible consequences of failure to reply;
  • the existence of the right of access to and the right to rectify the data concerning him insofar as such further information is necessary, having regard to the specific circumstances in which the data are collected, to guarantee fair processing in respect of the data subject.


The new GDPR penalties state that organisations that are breached can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). The GDPR will apply in the UK from 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.

