Connect with us


GDPR: data security four years on



Bruce Penson, the managing director of cyber security and IT support company Pro Drive IT, outlines how GDPR has changed in the UK since the Data Protection Act of 2018.

If you work with data in any shape or form, you should be familiar with GDPR: the General Data Protection Regulation.

GDPR is a framework in European Union (EU) law designed to standardise data privacy laws across EU member countries in Europe, regulating how businesses share information and improving protection for consumers. This mutually agreed legislation came into play in 2018 to replace previous data protection rules across the continent, which had existed long before data was created and shared at the scale it is today.

On the same day in 2018, the UK government published a new Data Protection Act (DPA) — a legal framework governing personal data and the flow of information in the United Kingdom. Like the EU GDPR, this law updated the existing Data Protection Act of 1998 and came into effect on 28 May 2018.

Much has changed since these frameworks were first announced, and the guidance for data protection has evolved as a result. Consequently, even if your business was compliant when the GDPR legislation was first published, that doesn’t mean that it still is today.

So, how have the rules changed, and what must businesses do to ensure they aren’t falling short of the mark?

What’s the purpose of GDPR?

According to GDPR laws, all organisations that process personal data must comply with data protection legislation, regardless of their size.

Simply put, personal information is any information that someone could use to identify a living person, including names, email and home addresses, identification numbers and IP addresses.

GDPR and the DPA 2018 state that organisations must have a clear purpose for collecting personal information and allow individuals to review, amend or challenge data processing practices. Furthermore, businesses must implement appropriate security measures to mitigate against cyber attacks and data misuse and disclose any security incidents involving customer data.

The size of a business will determine the extent of its GDPR obligations. The Information Commissioner’s Office (ICO), responsible for upholding information rights in the public interest, may grant exemptions case-by-case. Exemption from GDPR is dependent on a company’s ability to prove that compliance with UK GDPR will prevent, seriously impair or prejudice the achievement of processing purposes. However, businesses shouldn’t routinely rely on exemptions.

Failure to comply with GDPR can increase a company’s risk of experiencing a data breach and the reputational and financial damage that follows. What’s more, it can lead to hefty compliance fines. So, it’s in business leaders’ best interest to ensure they achieve and retain GDPR compliance for their organisation.

How has GDPR changed since 2018?

In the context of data protection, one of the most significant events that have occurred since the original legislation was released is the United Kingdom leaving the EU.

The DPA 2018 incorporated EU GDPR and passed before Brexit legislation came into effect. As the DPA 2018 was constructed and intended to be read alongside the EU GDPR, which no longer has domestic application here, it’s since been adjusted to reflect the post-Brexit changes to domestic data privacy laws.

The amended ‘UK GDPR’ and DPA 2018 apply to UK organisations that store, collect or process personal data pertaining to individuals residing in the UK and to non-UK organisations that offer goods or services to UK residents. Alternatively, the EU GDPR only applies to organisations and individuals living in or trading with countries in the EU.

Overall, the fundamental principles, rights and obligations associated with GDPR haven’t changed. However, some differences between the UK and EU GDPR have already impacted businesses — or are likely to soon.

The government’s 2021 data strategy consultation, ‘Data: A new direction’, outlined aims to simplify policies from the EU GDPR, reducing regulatory burdens on businesses and incentivising organisations to invest more effectively in data protection. These proposals suggest changes to data protection recommendations for accountability frameworks, artificial intelligence and machine learning, legitimate interests, direct marketing and more.

The future UK data protection framework will favour a more risk-based approach and permit greater flexibility for businesses. Once implemented, these amendments will influence the way organisations are required to record and assess data privacy.

Why should businesses stay up to date with UK GDPR?

As the needs and demands of the digital world continue to evolve, legislation concerning data protection is constantly changing.

The ICO regularly publishes updated guidance for various data protection applications, as controllers and processors manage ever-increasing volumes of personal information.

For example, the Privacy and Electronic Communications Regulations (PECR), which also sit alongside the DPA 2018 and UK GDPR and give people specific privacy rights concerning electronic communications, were amended six times between 2004 and 2018.

In the EU, the PECR directive was due to be replaced by the ePrivacy Regulation (ePR) in 2018 — an update intended to clarify how website operators should handle the use of cookies and complement GDPR. However, the implementation of this regulation has been delayed and isn’t expected to come into force before 2023.

It’s not yet known whether the UK will fully implement the ePR’s requirements. Still, as UK companies are likely to continue doing business in EU countries, this legislation may impact UK businesses. So, understanding and following UK GDPR and DPA rules are crucial for any business that handles personal data.

For professional services industries such as accountancy, finance and law that regularly deal with large volumes of sensitive data, the risk and cost of a cyber attack are high. Solicitors and accountancy firms are likely to be considered ‘controllers’ of data; they’re responsible for determining how and why personal data is processed.

As such, it’s recommended that businesses seek the advice and support of a GDPR consultant that can make organisations aware of the latest legislation and ensure they are meeting their obligations under new laws.


For the PRA and the Bank of England, Operational Resilience requires better impact tolerances and more sophisticated service mapping




Jon Bennett, Chief Growth Officer at CloudStratex


Many financial organisations have now taken vital steps towards achieving an operationally resilient (OR) status. However, a speech recently delivered by the Bank of England’s Duncan Mackinnon rightly suggests that the process is far from complete.

With the passing of the March 2022 deadline, financial firms will have identified important services, set impact tolerances, and undertaken mapping and testing. However, the Bank of England has immediately turned its attention to the actions needed by 2025 – alongside some of the deficiencies identified in its findings thus far.

But what does this mean in a practical sense?

A key theme of the speech is that many organisations don’t yet have a detailed or consistent understanding of their own capacities for absorbing disruption – which means they need to embrace practices that promote visibility and understanding of their business and IT infrastructure

Jon Bennett

Further work for setting tolerances

Perhaps the key takeaway offered by this speech is simply that operational resilience involves a high degree of complexity.

This has certainly been our experience in helping clients to improve their resilience. After all, in large financial or finance-adjacent organisations, risk can take on a number of forms and appear across any and all aspects of an enterprise’s operations.

Finance departments will think about disruption in terms of its impact on financial reporting or project funding, for example, whereas the security side of a given firm might be more concerned over infrastructure vulnerabilities.

As a result of this layered and challenging environment – what Duncan Mackinnon calls the “ever-more complex and interconnected” operational nature of finance organisations – the speech suggests that firms moving towards operational resilience will need to make sure their processes for setting impact tolerances are suitably sophisticated.

Duncan Mackinnon illustrates this need by pointing out a high degree of variance between organisations that offer the same services, yet which point to highly different impact tolerances for those services.

The safety and soundness tolerances for CHAPS payments, for example, varied from two days to two weeks depending on the firm in question.

For Duncan Mackinnon, this means that “firms will have to justify how they came to the conclusions they have,” meaning that firms will need to have a clear understanding of the underlying causes of disruption in order to validate their self-assessments.

Understanding through effective service mapping

In order to achieve this level of understanding – particularly in light of the high degrees of complexity and interconnectedness in today’s IT infrastructure – service mapping is essential.

Service mapping is a means of discovering the application services in a given organisation, allowing firms to build a map comprising its various devices, applications, and configuration profiles.

The value of mapping isn’t just implicit in the broader project of achieving OR, but a primary focus of Duncan Mackinnon’s speech.

As he points out, “we expect firms’ mapping to include all critical resources and consider internal and external dependencies. Mapping should rapidly become more sophisticated, in line with firms’ potential impact. It should enable firms to identify vulnerabilities and inform the development of scenario testing.”

The firm message here is that current service mapping processes are not currently hitting the heights of sophistication that regulators require.

This isn’t surprising. Service maps are difficult and time consuming to create manually, and a lack of business context – especially when combined with the dynamic nature of modern networks – often leaves IT teams struggling with limited, out-of-date service maps which aren’t equal to the task of providing a full view of possible outages and impacted services.

Upgrading mapping practices

Addressing the common flaws in current mapping processes isn’t straightforward.

With the right third party support, however, it’s possible to take mapping to the heights of sophistication required for full OR compliance.

A good advisory service will, for example, consider opting for a top-down discovery process as opposed to horizontal. This means that devices and applications won’t be considered as independent or standalone, but as deeply interconnected.

By extension, a top-down approach to mapping helps organisations to immediately identify the impact of a compromised or disrupted object on the rest of the application service operation.

These changes will be increasingly essential for firms looking to shore up their OR to the regulatory standards suggested by Duncan Mackinnon.

Time is of the essence

Service mapping isn’t the be-all and end-all of operational resilience – but it represents a vital building block for identifying and correcting and possible causes of disruption, and one well worth establishing as soon as possible.

As the speech notes, “the longer firms take to map to the required level of sophistication and to run robust scenario tests, the shorter the period they will have to address their vulnerabilities and build resilience.”

Operational resilience is a journey – and, like many journeys, it will be greatly facilitated by a reliable map. With regulatory compliance located at the end of the road, it’s a journey well worth taking properly.

Continue Reading


Why You Should Work on Your Financial Literacy



Ebo Aneju


A lack of financial understanding plagues our society. Most people have very little understanding of finances, which means they struggle when making crucial financial decisions.

Making correct financial decisions is more critical than ever. The UK is currently in a cost of living crisis, and inflation has risen to around 9%. This means many people are seeing their disposable income fall quite rapidly.

Buying essentials such as energy and fuel is becoming increasingly difficult for many households as you will have noticed, fuel and energy prices with the energy inflation rate at an incredible 28%!

This means working on finances and ensuring you can sustain your lifestyle is something we currently need to focus on. Falling into debt is something that you should definitely avoid!

Read on to find out more about financial literacy and how it can help you manage your living costs.

What is Financial Literacy?

Financial literacy is the ability to use and understand various financial skills. For example, if your financial literacy is strong, you should be able to use skills such as budgeting and investing to make correct financial decisions.

This includes decisions such as mortgages and opening bank accounts. Mortgages are some of the most important financial decisions people will ever make. Mortgage payments will take a large chunk of your monthly income, and it’s a big commitment.

Financial literacy isn’t only about lifelong decisions such as mortgages. Improving your financial literacy will help more minor priorities such as your daily spending and subscriptions.

How Can Improving Your Financial Literacy Benefit You?

Ideally, everyone should have a good understanding of financial literacy. Borrowing money is a large part of modern life, with most people using loans regularly. Loans are not a bad thing and are, in fact, very helpful, but unmanaged borrowing can be very dangerous.

Strengthening your financial literacy can help you properly acknowledge the risks of borrowing money. This means you’ll be able to conduct a cost-benefit analysis to see if taking out a loan will benefit you in the long run.

This will prevent you from getting into some sticky situations where you overestimate your repayment abilities. Deferring on a loan will have many repercussions that will last most of your life.

Improved financial literacy can also help you manage day-to-day spending. One skill in the package of financial literacy is budgeting. Budgeting effectively will help you decrease unnecessary spending and increase savings.

A more significant savings account will help you apply for a mortgage. Furthermore, you’ll be able to react to any unexpected expenses that come your way. This will also help you increase your financial stability.

Increasing your financial literacy also means improving skills such as investing. Investing can help you increase the size of your savings and also your monthly income if done correctly. This will again help you fight against rising costs due to inflation.

Methods to improve your financial literacy

Start Budgeting

Budgeting is beneficial and pretty simple to start. A budget is a financial plan for a period of time and will help you track what you’re spending and increase your savings.

Budgets are pretty simple to outline nowadays. Many budget apps can help you track your spending and monitor your spending vs your saving. Make sure your budget is realistic, and you can actually stick to it.

Keep tabs on your Credit Score

Your credit score is fundamental when taking out any loans. A good credit score will give you access to the lowest interest rates, which will make the loan a lot cheaper.

Moreover, if your credit score is very poor, some lenders will be unwilling to lend you money, making finding loans much more complicated. A healthy credit score will make it easier and cheaper to take out loans. This will help boost your financial literacy in the long run.

Give Yourself a Savings Goal

Many people struggle to save because they don’t stick to their saving goals. One trick is to set out some money as soon as you get paid. By effectively paying into your savings account first, it makes sure you focus on boosting your savings account.

Most people wait until the end of the month and put any spare change in their savings account. Although this can work if you’re consistent, it’s very tempting to blow the extra cash on some new shoes or other luxuries. If you set out money for savings first, you won’t have to deal with this temptation.

Continue Reading



Business3 days ago

How can businesses boost employee experience for finance professionals?

By Martin Schirmer, President, Enterprise Service Management, IFS Over the course of the last year, The Great Resignation has seriously...

Business4 days ago

CBDCs: the key to transform cross-border payments

Dr. Ruth Wandhöfer, Board Director at   If you work in finance, you’ll have been hearing a lot about...

Business4 days ago

Green growth: The unstoppable rise of climate technology investment

With the investment community focusing more and more on renewable technologies, investor interest is at an all-time high. Ian Thomas,...

Business4 days ago

Bolstering know your customer processes as regulation tightens

Nick Payne, banking services, customer advisory, SAS UK & Ireland, discusses how new technologies allow financial services companies to develop rigorous KYC...

Finance4 days ago

The penny has dropped – the finance sector needs Data Governance-as-a-Service

By Michael Queenan, Co-Founder and CEO at Nephos Technologies   In our data-driven world, the amount of data is growing...

Business4 days ago

Seven tips for financial services brands using mail

By Cameron Russell, Head of Marketing at Marketreach   Customer experience (CX) is a powerful differentiator for modern brands. If...

Top 104 days ago

Turn the data landfill into an insight goldmine

Andrew Watson, CTO, MHR Today, businesses have access to a wealth of data, with vast amounts of information created daily....

Business4 days ago

A Culture of Cyber Security Throughout Financial Services Organisations

Michael Cantor, CIO, Park Place Technologies Financial Services organisations have long been a top target for cyber-attacks given both the...

Business6 days ago

Financial Stability Board Gives Full Support to Wide LEI Use in Global Payments

Clare Rowley, Head of Business Operations at the Global Legal Entity Identifier Foundation The strongest recommendation yet by the Financial...

Business6 days ago

On-demand pay: why payroll needs a modern approach

Byline:  Paul Bartlett, CEO, CloudPay   While the world of work has evolved drastically over the last decade, payroll has...

Business6 days ago

 ‘What should real estate investors be doing now – has the market hit rock bottom or is now the time to buy?’

Following many years of housing prices soaring and competition steadily increasing, real estate growth has finally started to slow, likely...

Business7 days ago

Expert Guide for Email Marketing to Improving Your Conversion Rates

If you talk about email marketing campaigns, it would seem like an old-fashioned advertising style. But it is still an...

Banking1 week ago

Augmented automated underwriting and the evolution of the life insurance market

By Alby van Wyk, Chief Commercial Officer at Munich Re Automation Solutions   It’s almost inevitable. Spend your working life...

Banking1 week ago

ESG in the finance and banking industry – are you ready?

By Julian Moffett, CTO BFSI, EDB   Environmental, Social and Governance (ESG) has soared towards the top of banking, financial...

Top 102 weeks ago

An Entrepreneur’s Guide to Investing in Bitcoin

Marcus de Maria, Founder and Chairman of Investment Mastery.   Over recent years, Bitcoin has been steadily growing in popularity...

Business2 weeks ago

Overcoming macroeconomic challenges

By Mike Chambers, formerly CEO of Bacs and a consultant at Access PaySuite.   For businesses offering a subscription-based service, the...

Banking2 weeks ago

How unlocking the potential of tokenised markets can help banks keep pace with the digital economy

Giulia Secco is the Strategic Partnership & Ecosystem Manager at Fnality International.   In the aftermath of the 2008 financial...

Banking2 weeks ago

The role of Artificial intelligence in compliance at banks

Sujata Dasgupta, Global Head – Financial Crime Compliance Advisory, Tata Consultancy Services   There’s not a financial institution across the...

Technology2 weeks ago

Scaling securely in the automation-first era

By Brandon Traffanstedt, Sr. Director, Field Technology Office at CyberArk   Robotic process automation (RPA) has been one of the...

Business2 weeks ago

Putting technology to work on entrepreneur fund-raising

By Simon Glass, CEO, Qodeo   Human relationships are behind the most successful venture capital deals. The chemistry between an...