Red Island • Consulting - Information Security and Management System Solutions

Information Leakage

Every week organisations within both the public and the private sector are being embarrassed by the regular flow of press articles concerning personal information leakage and loss. Public confidence is being damaged and the knock-on effect could be substantial.

Every organisation, under the Data Protection Act, has an obligation to protect any personal information that it collects, processes or uses. Therefore, every time personal information is lost, corrupted or disclosed without authorisation, the organisation has broken the law.

Data Protection Act

The objective of the Data Protection Act (1998) is to control the collection, storage and use of personal data. It is applicable to data held in a range of different forms (including images, sound and text) and media (paper, electronic, microfilm, etc).

The legislation centres on eight principles, and all organisations must comply with the Data Protection Act, whether they are part of the Government or NHS, a school, a group of companies, a limited or public limited company, a partnership, a sole trader or a voluntary organisation.

BS 10012:2009  

The British Standards Institute has recently released a new standard, BS 10012:2009 Data Protection - Specification for a personal information management system.

Red Island Consulting, whilst assisting in the protection of personal information, has always encouraged organisations to implement a management system of continual improvement. BS 10012:2009 now provides a benchmark to reinforce this advice.

The personal information management system now provides a framework to enable organisations to maintain and improve compliance with both UK and European legislation. It is based on the Plan-Do-Check-Act model already well established for Information Security and IT Service Management.

The key activities within this management system include:-

  • Identifying and allocating roles and responsibilities throughout the organisation.
  • Identifying the personal information assets and undertaking risk assessments.
  • Implementing policies and processes to support the 8 principles of DPA (1998).
  • Managing incidents resulting in a breach of confidentiality, integrity, availability and legislation.
  • Undertaking internal audits to verify compliance against policies, processes and legislation. 
  • Undertaking corrective and preventive actions to improve effectiveness and efficiency of protection of personal information.

Data Protection Consultancy 

As well as being Europe's leading provider of ISO27001 consultancy services, Red Island are also leading providers of consultancy services for the protection of Personal Information. Services include:-  

  • Implementing Personal Information Management Systems (PIMS) compliant with BS 10012:2009.
  • Undertaking DPA (1998) and BS 10012:2009 compliance and third party audits.
  • Providing training and awareness in protection of personal information.

  • Additionally, all of our Data Protection projects come with Red Island's unique 100% guarantee of success.

DPA Health Check


Red Island can help you feel assured that you comply with the Data Protection Act (1998) / BS 10012:2009 by:- 

  • Undertaking a full Data Protection GAP assessment against all 8 principles of the Act and the requirements of the standard.

Our DPA GAP assessment/audit will:

  1. Identify and document all of the personal information held or processed by your organisation and the supporting processes, people, IT information systems or buildings which create, process or store that information.
  2. Include an implementation/business improvement plan detailing all required remedial actions needed for compliance.

Our GAP assessments start from just 5 days and give you the peace of mind that you know where all personal information exists within the organisation, who has access to this information and how it should be handled. It also brings the benefit of reduced risk of information leakage and subsequent prosecution.

Please contact us now on 020 7090 1091 for more information on your Data Protection and to book your GAP assessment.
