URM's approach to the Data Protection Act
URM's approach to compliance is pragmatic and involves the following stages:
- Identifying personal data information assets
- Determining the different ways that personal data is processed
- Comparing the way data is processed with the requirements of the eight data protection principles and other legal and regulatory requirements
- Reporting any mismatches between the way data is actually processed and those requirements
- Ensuring appropriate policies and procedures are in place, i.e. a Data Protection System, so that compliance is achieved by staff adhering to them.
Training for personal data users is vital if management is to achieve compliance with the Act. URM can offer public and tailored on-site classroom training for these users.
URM has experience of assisting both public and private organisations to become compliant with data protection regulations across all market sectors. This experience, together with the approach outlined above, ensures that customers have the very best, up-to-date advice and consultancy.
For organisations wishing to confirm their compliance, URM's consultants can offer a complete range of audit services as well as reviews of contracts with data processors.
Certain breaches of the Data Protection Act 1998 are criminal offences, and any non-compliance that causes damage or distress to a data subject may also lead to a claim for compensation in the civil courts. Where an offence is committed with the consent or connivance of, or is attributable to neglect by, a director or other officer, that individual is personally liable as well as the organisation. The Information Commissioner also has statutory enforcement powers to require organisations to comply.
Quite apart from any punitive action taken by the Information Commissioner or the courts, the damage to an organisation's brand or reputation, should it be found not to be complying with the law, could be severe.
Taking a proactive approach to compliance allows directors and senior management whose organisations process personal data safely and securely to:
- Focus on other important business matters without fear of legal or regulatory action
- Demonstrate their professional and ethical standards to individual customers and business partners
- Tie data protection law closely to other codes of good practice within information management, such as information security and freedom of information.
