Monday 21 May 2018 @ 13:51
techUK
Printable version

NCSC and ICO publish cyber security guidance on GDPR

The General Data Protection Regulation (GDPR) will take effect on the 25th May and in support of that the National Cyber Security Centre (NCSC) has worked with...

What does the GDPR mean for cyber security?

The GDPR requires that personal data must be processed securely using appropriate technical and organisational measures. The Regulation does not mandate a specific set of cyber security measures but rather expects you to take ‘appropriate’ action. In other words you need to manage risk. What is appropriate for you will depend upon your circumstances as well as the data you are processing and therefore the risks posed, however there is an expectation you have minimal, established security measures in place. The security measures must be designed into your systems at the outset (referred to as Privacy by Design) and maintained effective throughout the life of your system.

The NCSC have worked with the ICO to develop a set of GDPR Security Outcomes. This guidance provides an overview of what the GDPR says about security and describes a set of security related outcomes that all organisations processing personal data should seek to achieve. The approach is based on four top level aims:

  • manage security risk
  • protect personal data against cyber attack
  • detect security events, and
  • minimise the impact

A good starting point for advice on implementing security measures for the GDPR is existing good cyber security guidance. Some good sources of information include our 10 Steps to Cyber SecuritySmall Business Guide or the Cyber Essentials scheme. You can also share information, advice and intelligence about cyber risks online by joining our CISP community.

Reporting Incidents Involving Personal Data

If you are affected by an incident which involves (or is likely to involve) a breach of personal data, then you are likely to have an obligation under the GDPR to notify the ICO. The ICO provide more detailed guidance on their website about what constitutes a notifiable breach, preparing and responding to breaches.

You may also wish to report significant cyber incidents to the NCSC. If the incident is likely to have a national impact then we will seek to provide support, subject to resource constraints. National impact includes harm to national security, the economy, public confidence, or public health and safety. We would also welcome notification of incidents ‘for information’ which you feel may be of interest, for example incidents which may contribute to our understanding of adversary activity, inform the guidance we provide, or help other organisations.

Incidents below national threshold should be reported to Action Fraud – the UK’s national fraud and cyber crime reporting centre or, if you're in Scotland, then reports should be made to Police Scotland

The Information Commissioner’s Office (ICO) is the UK's supervisory authority for the GDPR and is responsible for promoting and enforcing the legislation, as well as providing advice and guidance to organisations and individuals. The ICO has published a lot of helpful guidance on its website. This should be your first port of call for any overarching GDPR queries you might have.

The GDPR Security Outcomes can be read here in full

 

Channel website: http://www.techuk.org/

Original article link: https://www.techuk.org/insights/news/item/13138-ncsc-and-ico-publish-cyber-security-guidance-on-gdpr

Share this article

Latest News from
techUK

What Labour’s rail announcement could mean for the tech sector

26/04/2024 16:20:00

The Labour Party has announced its plan for rail should it be elected to government.

The DRCF sets a longer-term vision for future digital regulation in its annual plan for 2024/5

26/04/2024 11:05:00

The DRCF sets its agenda for the year ahead, amidst another busy year for the tech sector and its digital regulators.

techUK hosts RHC for the launch of ‘The Future Regulation of Space Technologies’ report

25/04/2024 16:05:00

Today the Regulatory Horizons Council (RHC) launches its report on the Future Regulation of Space Technologies. techUK will host the first presentation about the report during the Space Commercialisation and Tech Summit.

Cloud computing and the journey to net zero - why GreenOps is key to sustainable growth

25/04/2024 11:05:00

At a time when our commitment to mitigate the impact of climate change has never been more urgent, a sustainable approach to technology should be at the heart of any digital transformation strategy. 

techUK and TechWM strategic agreement announcement

25/04/2024 10:25:00

We are delighted to announce that techUK and TechWM have signed a new strategic agreement to accelerate regional tech economy! 

UK SPF commissions study to explore spectrum sharing with Defence

25/04/2024 09:20:00

In a recent development, management consultancy LS telcom has been appointed to produce an independent report addressing the complexities of sharing Defence spectrum. At the heart of this endeavour lies the need to reconcile the growing need for spectrum sharing with the stringent security requirements of the Ministry of Defence (MoD).

New CCS Chief Executive announced

24/04/2024 16:25:00

Last week, it was announced that the Crown Commercial Service had appointed it's new Chief Executive to replace Simon Tse when he retires this summer

Prime Minister announces significant increase in Defence spending

24/04/2024 13:20:00

Speaking yesterday at a NATO press conference in Poland, the Prime Minister committed to increase Defence spending to 2.5% of GDP by 2030, representing an additional £75bn in funding over the next 6 years.

Financial Conduct Authority publishes its response to work on big tech and data asymmetry in financial services

24/04/2024 11:20:00

Watch techUK’s Head of Financial Services, Andy Thornley, explain the FCA’s response to their work on big tech and data asymmetry in financial services!

Innovate to elevate: Can product design solve the UK's productivity paradox? (Guest blog from Exclaimer)

23/04/2024 11:25:00

Blog posted by: Vicky Wills, Chief Technology Officer, Exclaimer, 22 April 2024.

Exclusive offers, deals and discounts available to public sector staff, past and present!