Red Island's consultants were able to effectively and pragmatically assist us in establishing a route from where we were to gaining accreditation across the scope of the whole organisation. The fact we obtained accreditation within our aggressive timescales for such a wide scope is testament to the professionalism and experience of Red Island. 
Information Leakage
Every week organisations within both the public and the private sector are being embarrassed by the regular flow of press articles concerning personal information leakage and loss. Public confidence is being damaged and the knock on effect could be substantial.
Every organisation, under the Data Protection Act, has an obligation to protect any personal information that they collect, process or use, therefore every time personal information is lost, corrupted or disclosed without authorisation, the organisation has broken the law.
Data Protection Act
The objective of the Data Protection Act (98) is to control the collection, storage and use of personal data. It is applicable to data held in a range of different forms (including images, sound and text) and media (paper, electronic, microfilm, etc.).
The legislation centres around eight principles and all organisations, whether from within the Government or NHS, from a School, Group of Companies, Limited or Public Limited Companies, Partnership, Sole trader or Voluntary, must comply with the Data Protection Act.
Civil Contingencies Act
For public sector organisations there is the Civil Contingencies Act.
The legislative requirements of the Act can be split into seven key areas outlined below:
- Co-operation between all Category 1 and 2 responders
- Information sharing
- Risk Assessment
- Emergency Planning
- Business Continuity Planning
- Communicating with the public
- Business Continuity Advice to Business and Voluntary Organisations
The framework that these seven key duties adhere to within the act has been designed to provide and facilitate an ongoing cyclical process ensuring each aspect feeds into one or more other processes. The result of this interaction is a fully integrated approach and Red Island Consulting have guided many organisations through this process.
Red Island's Approach
Red Island’s approach to compliance is pragmatic and involves the following stages:
- Identifying personal data information assets
- Determining the different ways that personal data is processed
- Comparing the way data is processed with the requirements of the eight data protection principles and other legal and regulatory requirements
- Reporting any mismatches between stages 2 and 3
- Ensuring appropriate policies and procedures are in place, i.e. a Data Protection System, so that compliance is achieved by staff adhering to them.
DPA Health Check
Red Island can help you feel assured that you comply with the Data Protection Act (98) by undertaking a full Data Protection GAP assessment against all 8 principles of the Act:-
Our DPA GAP assessment/audit will;
- Identify and document all of the personal information held or processed by your organisation and the supporting processes, people, IT information systems or buildings which create process or store that information.
- Include an implementation/business improvement plan detailing all required remedial actions needed for compliance.
Our GAP assessments start from just 5 days and give you the piece of mind that you know where all personal information exists within the organisation, who has access to this information and how it should be handled. It also brings the benefit of reduced risk of information leakage and subsequent prosecution.
Please contact us now on 0207 422 72159 for more information on your Data Protection and to book your GAP assessment.
