If there are any positives to come out of the Butlin’s data breach, it’s that they reported it within 72 hours – a requirement of the EU GDPR (General Data Protection Regulation). The breach, which has apparently affected some 34,000 …

GRC International Group plc and all its companies, including the IT Governance one-stop shops, now have a PIMS (personal information management system) certified to BS 10012. We’ve long recommended to clients that the best way to build a privacy compliance …

IT Governance and group companies have been independently audited against the requirements of BS10012 and recommended for certification. As we were already GDPR compliant, and already had a mature management system that integrates the requirements of ISO/IEC 27001 and ISO …

As organisations across the world look forward to the holiday season, it’s worth reviewing the perspective of data thieves and cyber attackers. If key staff are on holiday, cyber security defences will be weaker and less agile. If remaining staff …

I’ve talked, for some years, about the disconnect between managements stating that cyber security is on their agenda, or under control, and the rapidly rising number of data breaches, as reported in multiple surveys and reports, as well as increasingly …

An ‘ad hominem’ attack is a rhetorical device that attempts to invalidate an argument by undermining the credibility of the argument’s proponent: kill the messenger in the hope that the message will also die. In its modern form, the objective …

GDPR comes into force in May 2018. The UK will still be a member of the EU at that point and, even if Mrs May hadn’t pledged that the UK would be a ‎fully-functioning member right up to the point …