Data Protection Made Simple

  • techUK techUK
    Thursday20Feb 2020

    Guest Blog: Cristina Jerney, CyNation, on implementing key principles within an organisation’s cyber security plan to keep data protected as part of our...

With constantly changing regulations and a variety of stringent guidelines in place, such as GDPR or NIS, it is easy to feel overwhelmed at the prospect of overhauling business processes to ensure cyber security. Risks are everywhere, and multiply as organisations connect with vendors or other third parties. Consequences can be dire, often involving severe fines, reputational damage and lasting customer mistrust. It is imperative to find a way to efficiently protect crucial personal data throughout your third-party ecosystem, maintain compliant with a multitude of regulations, all while keeping a business running.   

However, this does not have to be a daunting task – implementing a few simple but key principles within your organisation’s cyber security plan can keep your data secure, your business operations smooth and your customers happy.   

Creating a secure environment and strong data protection practices necessitates an understanding of the risks inherent in your organisation, including your third-party ecosystem, and a strategic mitigation plan that is in line with business concerns. In short, a third-party risk management process where you can identify, analyse and ultimately manage your risk. 

Without understanding what your risk factors are or where they originate, it is near impossible to design a sufficient risk management plan. Therefore, it is essential to consult and aggregate risk data from a variety of sources to fully grasp risk factors.  

Part of this risk data collection should be built into your due diligence process – whether you send a data protection questionnaire to your third parties or use a specialised software, you should be ensuring that your vendors are compliant and secure.  

In addition to this information, there are variety of open source and enterprise data streams that can provide a wealth of risk data across categories, including endpoint security, regulatory compliance, financial risk and news and reputation.  

Once you have collated the risk data, it should be analysed, categorised and prioritised based on traits such as risk type, urgency and business impact. Once analysed, the data should trigger an established mitigation plan or should be considered when creating a risk management plan. It is also important to continue collecting data to verify the effectiveness of the plan and adjust where necessary. 

Risk management is a continuous cycle, with mitigation plans that are adaptable according to feedback. This will not only address the changing nature of the risks and regulations, but will also ensure that business priorities and various organisational stakeholders are always considered and provided for. 

Effective data protection policies and processes don’t have to be a nightmare to create. By implementing these principles, you will be able to easily recognise and alleviate your risks.  

You can read all our other guest blogs throughout the campaign week here.

Share this


The #COVID19UK pandemic has massively impacted education. Make sure you read this teacher's reflection on the lesso…
First up: Future of Work post-COVID with @darrwest (@BrookingsInst), Melissa Bailey (@IBM_UK_news) & our own…
The #coronavirus pandemic will come to an end and the world will return to what’s likely to be a new normal. What i…
It's clear that the effects of the #COVID-19 pandemic will have a lasting impact on the #healthcare industry as a w…
In order to help Policing, reduce the risk of commercial decisions being made in the digital policing space, all Na…
Become a Member

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...