Personal data is the lifeblood of many organisations, but they need to keep that information secure. If they don’t, they face reputational damage, the time and money lost recovering from the incident and possibly even fines.
Regulators will impose fines or other disciplinary action if organisations fail to comply with information security laws that they are subject to, including:
- The Data Protection Act 1998
- The Bribery Act 2010
- The Computer Misuse Act 1990, as amended by the Police and Justice Act 2006
- The Data Retention and Investigatory Powers Act 2014
- The Defamation Act 1996
- The Digital Economy Act 2010
- The Freedom of Information Act 2000
- The Intellectual Property Act 2014
- The Privacy and Electronic Communications (EC Directive) Regulations 2003
- The Public Records Act 1958
- The Re-use of Public Sector Information Regulations 2015
There’s also the EU General Data Protection Regulation (GDPR) to contend with. This law, which takes effect on 25 May 2018, marks a significant increase in responsibility for all organisations that process EU residents’ personal data. The UK is subject to the law until 29 March 2019, when it officially leaves the EU, but even then, most of the GDPR’s compliance requirements will be enshrined in the Data Protection Bill.
To meet their legal requirements, and to avoid the reputational and financial damage of a breach, organisations need to identify which laws they are subject to and how to comply. Our Compliance Manager is a subscription service that helps you do just that.
Compliance Manager helps organisations pinpoint the steps they need to take to comply with dozens of IT-related laws. Its interactive database lists the applicable clauses from each law and provides guidance on implementing them, mapped against the appropriate best-practice controls from Annex A of ISO 27001, the international standard for information security management systems.
For each law, Compliance Manager includes effective dates, implementation requirements and links to the legislation.
You can also add your own requirements or controls that are applicable to your organisation.
This is a Security Bloggers Network syndicated blog post authored by Luke Irwin. Read the original post at: Vigilant Software Blog