Data Security

Data and IT security should be on the radar and agenda for every business.  It is one of the most complex and widespread problems we are currently facing in the use of communication and information technology and covers the full spectrum of government, businesses and our daily life.

The scope of Data and IT security is recognised as a specialist area.  Best practices, guidelines, and frameworks like ISO27001/27002 are helping businesses to get a holistic view on this matter.  However dealing correctly with Data and IT security will impact your organisational behaviour and structure, technical infrastructure systems and staffing.

There is no silver bullet, there is only the road of continuous improvement.

A key element of Data and IT security is the continuous protection of personal data. Privacy of personal data (which can also be in written files) must be protected against misuse and theft.  This privacy protection is one of the regulated steps to be taken, known as General Data Protection Regulation (GDPR).

What does it mean for our members?

BASDA members are very familiar with the implications of Data and IT security.
Most of our members develop and maintain software, run IT infrastructure and service their customers with IT solutions.
They need to incorporate Data and IT security into their organisation, products and services and continuously develop and govern this.
Data and IT security is part of the business and requires, besides management commitment, and technology investments, also cultural change.

Prepare for GDPR

GDPR will come into force on 25 May 2018, when the UK is likely to still be in the EU.
To be compliant requires timely preparation.

  • Start to consider which parts of your operations are established in the UK and may be affected by proposed changes.
  • Identify personal data flows from the European Economic Area to the UK.
  • If the UK also leaves the European Economic Area at the time of leaving the EU, flows of personal data from the European Economic Area countries to the UK will become prohibited without new adequate safeguard measures being adopted.
  • Identify your UK establishments which monitor the behaviour of, or offer goods and services to, citizens in the EU/EEA.
  • Such UK establishments may be subject to GDPR despite Brexit due to the new territorial scope of GDPR which extends beyond the EU.
  • Monitor the UK data protection authority’s statements on Brexit, GDPR and how to remain compliant – current ICO guidance is to continue to prepare for GDPR.
  • If your main EU establishment is currently in the UK, consider where your No. 2 establishment in the EU is based, as that is likely to be where your lead EU data protection supervisory authority will be located under GDPR.
  • Consider with expert input how best to marry your UK compliance programme with approaches which also appropriately anticipate sensitivities and requirements from your expected lead data protection supervisory authority.
  • Check for relevant developments at regular intervals and keep your plans up to date accordingly.

Commitment from BASDA

We continue to actively understand Data and IT security requirements and GDPR related issues and to keep our members informed accordingly.

With solution oriented recommendations from members and partners we will share our views, solutions and experiences.

We are committed to helping our members achieve the best result for their business and customers.

News and Insights

Keep up to date with Industry News and Insights from across the BASDA membership.

Get Involved

Find out more about the benefits of BASDA and how to join.