Data and IT security should be on the radar and agenda for every business. It is one of the most complex and widespread problems we are currently facing in the use of communication and information technology and covers the full spectrum of government, businesses and our daily life.
The scope of Data and IT security is recognised as a specialist area. Best practices, guidelines, and frameworks like ISO27001/27002 are helping businesses to get a holistic view of this matter. However, dealing correctly with Data and IT security will impact your organisational behaviour and structure, technical infrastructure systems and staffing.
There is no silver bullet; there is only the road of continuous improvement.
A key element of Data and IT security is the continuous protection of personal data. The privacy of personal data (which can also be held in written files) must be protected against misuse and theft. Protecting this privacy is one of the regulated steps to be taken, under what is known as the General Data Protection Regulation (GDPR).
What does it mean for our members?
BASDA members are very familiar with the implications of Data and IT security.
Most of our members develop and maintain software, run IT infrastructure and service their customers with IT solutions.
They need to incorporate Data and IT security into their organisation, products and services and continuously develop and govern this.
Data and IT security is part of the business and requires, besides management commitment and technology investments, cultural change as well.
Prepare for GDPR
GDPR will come into force on 25 May 2018, when the UK is likely to still be in the EU.
To be compliant requires timely preparation.
- Start to consider which parts of your operations are established in the UK and may be affected by proposed changes.
- Identify personal data flows from the European Economic Area to the UK.
  - If the UK also leaves the European Economic Area at the time of leaving the EU, flows of personal data from the European Economic Area countries to the UK will become prohibited without new adequate safeguard measures being adopted.
- Identify your UK establishments which monitor the behaviour of, or offer goods and services to, citizens in the EU/EEA.
  - Such UK establishments may be subject to GDPR despite Brexit due to the new territorial scope of GDPR which extends beyond the EU.
- Monitor the UK data protection authority’s statements on Brexit, GDPR and how to remain compliant – current ICO guidance is to continue to prepare for GDPR.
- If your main EU establishment is currently in the UK, consider where your No. 2 establishment in the EU is based, as that is likely to be where your lead EU data protection supervisory authority will be located under GDPR.
- Consider with expert input how best to marry your UK compliance programme with approaches which also appropriately anticipate sensitivities and requirements from your expected lead data protection supervisory authority.
- Check for relevant developments at regular intervals and keep your plans up to date accordingly.
Commitment from BASDA
We continue to work actively to understand Data and IT security requirements and GDPR-related issues and to keep our members informed accordingly.
With solution-oriented recommendations from members and partners, we will share our views, solutions and experiences.
We are committed to helping our members achieve the best result for their business and customers.