EU Data Protection Supervisor Giovanni Buttarelli said yesterday that the first GDPR sanctions – fines, ultimatums, bans – will be imposed by the end of this year. Buttarelli co-ordinates the supervisory agencies across the EU, so he probably knows what …

Although it is largely expected that Internet giants like Facebook deal rapaciously with users’ personal data, it is astonishing that a publicly funded institution such as the NHS should decide to ignore the recommendations of its own CIO on the …

The EU GDPR (General Data Protection Regulation) issues administrative fines for non-compliance. The higher-tier fine is up to 4% of an organization’s global turnover or €20 million (about $24 million), whichever is greater. Although they differ in content, all 50 …

If you’re in someone’s supply chain (and, being a business, I take that as read), then your customers expect you to be cyber secure. If you’re not, it looks like you’re in trouble. A survey released by Opinium shows that …

Yesterday, GRC International Group Plc announced its financial results from the year to 31 March 2018. You can see the results announcement and shareholder presentation on our group website.

Just before the millennium, Steve Watkins and I wrote IT Governance: A Manager’s Guide with the specific intention of arming boards and senior managers with the tools to enable them to properly govern information security in their organisations. The book …

Recent ISO statistics show that the number of ISO 27001 certificates worldwide increased by 19% last year, to a total of almost 40,000. The UK grew at 34% and the USA at 36% – both countries that understand the need …