General Data Protection Regulations
The European Data Protection Regulation (GDPR) is now being enforced.
Under GDPR, all businesses that wish to provide goods and services to EU residents are required to conform to the requirements it lays down. All businesses are deemed in scope unless they prove otherwise. Undertaking Cyber Essentials and IASME Governance, the latter of which includes GDPR requirements, is a good way to visibly show your customers that you have put things in place to meet the Regulation.
Article 5, Principle 6 of the GDPR requires organisations to use ‘appropriate technical or organisational measures’ to ensure ‘appropriate security of the personal data’. You can see how IASME’s certifications support GDPR requirements here.
Further information and guidance on GDPR is available via the website of the Information Commissioner’s Office.
Certification against both IASME and Cyber Essentials will indicate a good level of all-round information security.
Insurance with Cyber Essentials
Companies that get certified to Cyber Essentials via the IASME Accreditation Body (AB) or any of their Certification Bodies (CBs) will automatically receive Cyber Insurance if they are domiciled in the UK, certify their whole company and have a turnover under £20m.
If you suffer a data breach, hack or other cyber incident, you should immediately contact the 24-hour helpline listed on your insurance schedule. The policy will provide crisis management and incident response services appropriate to your circumstances. Do not delay in reporting the incident, as this could jeopardise the claim. Remember to keep a paper copy of your insurance schedule, as you may not be able to access an electronic copy in the event of a data incident.
The insurance is provided by AIG. In the event of a claim they will appoint their specialist consultants to assist and advise you.
The insurance provided with certification gives you a £25,000 limit of indemnity. If you require a higher limit contact or call 01905 21681.