A large part of PCI and PII compliance is based on having strong policies and procedures. These need due consideration, planning and a defined strategy to keep pace with evolving legislation.
Personally identifiable information (PII) is information that can be used on its own, or combined with other information, to identify, contact or locate a single person, or to identify an individual in context. It is subject to the following legislation:
The UK Data Protection Act 1998
General Data Protection Regulation (Europe, 2016)*
Article 8 of the European Convention on Human Rights
Employers’ Data Protection Code of Practice
Model Contracts for Data Exports
The UK Interception of Communications (Lawful Business Practice) Regulations 2000
*The maximum fine for a lower-tier infringement is €10m or 2% of global annual turnover, and for a higher-tier infringement €20m or 4% of global annual turnover, in each case whichever is greater.
The Payment Card Industry Data Security Standard (PCI DSS) applies to organisations of any size that accept payment card transactions. Maintaining payment security is required for all entities that store, process or transmit cardholder data.
CCL has developed a range of services to help your company comply with the GDPR. Our specialist and experienced team are on hand to help you with:
Policies & procedures audit for compliance
Whatever governance is implemented, it will need to be audited independently. Organisations with an internal audit function can carry this out internally; those without one will need an independent third party to undertake the audit.
CCL’s audits are by their nature highly structured; our deliverables from a GDPR audit will cover:
clarification of the governance in place
commentary on how that governance has been implemented
risk register & mitigation advice
In addition, we can review:
incident response planning & capabilities
current high-level cyber strategy
Database review for non-compliance
Wherever data resides, in motion or at rest, it is the company's responsibility to ensure that it does not contravene the GDPR. Any data that does contravene the GDPR must be identified and eliminated.
CCL has the tools and techniques to find and clean non-compliant data, whatever its volume and wherever it sits, to ensure compliance. This also means that, in the event of a data breach, the perpetrators cannot access data that would compromise the company's GDPR obligations.
To help you further call 01789 261 200 or contact us.