Data Protection & Risk
The ICO can act against any organisation that has failed to appropriately protect personal information, up to and including financial penalties. This includes cyberattacks and data breaches (both intentional and accidental).
In the UK, you must be able to demonstrate your compliance with the UK Data Protection Act (2018) and the EU GDPR legislation.
The alternative is to consider the IASME Cyber Essentials and Cyber Assurance certifications.
Cyber Essentials is focussed on assessing your technical controls to ensure you have them in place to protect you from the vast majority of common cyberattacks.
Cyber Assurance is focussed on assessing the confidentiality, integrity and availability of your assets (people, buildings and business information) through policies and procedures.
Cyber Essentials Plus and Cyber Assurance Level 2, the higher-level certifications, give the added reassurance of an independent assessment by our certified assessor.
Combining these certifications demonstrates you have taken appropriate steps to adequately protect your data, including any personal data you hold.