GDPR

GDPR is now enforced!

(General Data Protection Regulation)

Are you ready?

Take action now before you get caught out!

With fines of £20 million or 4% of turnover
(whichever is larger!) you cannot afford to ignore it.

Sensible solutions available and free initial consultation available.

GDPR Questionnaire

Take our quick 5 minute questionnaire. Receive a free, no obligation response 🙂


With fines so large how can you afford not to complete the quick 16 point questionnaire? The form should only take 5 minutes to complete. Free to do, no obligation feedback and solutions. This is a great place to start on your journey towards GDPR peace of mind.
Click Here


How PCQ meets your needs

Firstly, don’t panic! Whilst this is all difficult and overwhelming, PCQ can help.

At PCQ we have worked hard to ensure all our business clients have been stepping towards compliance for years: legal business-version software, good business-grade hardware and server solutions to meet all the requirements, backed with leading managed services. If you already use PCQ for your business, your IT is likely most of the way there. If you haven’t used PCQ before, don’t worry, we can still help, but you may require more depending on what you have. We can help, advise and supply anything you need.

The first and most important step before arranging a meeting is information gathering! We always suggest making a “Data map”. A data map is quite simply a list recording everywhere your company stores personal data. Consider everything from scraps of paper/notebooks used for taking notes about phone calls, any/all paper records, digital data stored on PCs, servers and onsite backups, data held with any 3rd parties, and even your website/email servers.

Data Map should include:

  • Where the data is (Example – written sales folder – Sage accounts – email from web form – cloud storage – etc)
  • What data/information is recorded (such as first/second name, phone number, date of birth etc)
  • Who has access to the information (list out everyone who could have access)
  • How you received the information and whether you have recorded consent
  • Consider and record your retention period for each area of data (Yes, you have the data, but do you really need it? If you do, justify why and record how long you are required to keep it. If you can no longer justify the risk of retaining the data you may want to simply destroy it to mitigate your risks)
  • Do any 3rd parties have access to the data? Record this too. (Your accountant, IT support, guests, web designers – etc)

We suggest starting with the PCQ GDPR questionnaire – You will receive a free, no obligation suggested action list and/or a free site meeting to inspect, after which you receive an action list. COST = FREE!

Small business, sole trader, charity/non-profit or club (1-10 staff): BRAND NEW SMART SELF-ASSESSMENT – SMART POLICY PACK and PROCEDURE TEMPLATES! – This unique service is chargeable per member of staff per year and is the easiest/most efficient way to record your assessment, document it and produce your Smart policy documents. You are provided a software tool to install on all your laptops/PCs which reduces the number of tasks necessary for your steps towards compliance. Not only that, if one of your computers falls out of compliance, your DPO is notified so you can act and always remain compliant. We have been working hard with our partners to produce a cost effective solution for the smallest of situations. To get pricing on our exciting approach to a massive challenge please complete our questionnaire.

A GDPR full GAP Assessment conducted by a GDPR specialist consultant (advised for businesses with 10+ staff) is the best and only true route to a fully demonstrated, recorded and 3rd-party-audited path to showing the ICO (Information Commissioner’s Office) that you have fully appreciated the law, and you gain a full report. A full GAP assessment is like having an MOT on your car: you can then address the issues found, take action and then be compliant! If you cannot justify the cost of a full and proper GAP assessment (aimed at 10+ staff businesses) we suggest starting with the PCQ questionnaire (here) or looking at https://ico.org.uk

Once you have completed the PCQ free questionnaire you will likely be offered a meeting at your office for up to 1 hour free of charge. Obviously this is within a sensible catchment range of our offices, but telephone meetings can be arranged as well. This will enable us to discuss how you currently operate, suggest any simple changes and offer solutions to help shape your business towards compliance. There is no obligation to take our services.

Much like a “company secretary”, all companies will need to appoint a DPO (Data Protection Officer) to become responsible for making the company GDPR compliant. The DPO must carry out regular and systematic checks to ensure your company is compliant, and be prepared and ready to act on requests from the public or communicate with the ICO. This can be a huge task and responsibility; PCQ has solutions to help with this.

It is possible to pay for an externally appointed DPO, but this is costly and for most will still consume a lot of time bringing the business up to compliance.

All staff need to be made aware of the changes, how they deal with personal information and what happens if certain events occur. Any information received needs to be kept safe, along with a record of what consent was given: just a call back, or ongoing correspondence?

PCQ has a range of products to help identify issues. We feel it is important to provide automated management tools that report to you. If you wish for a specialist consultant to review, or wish to subscribe to one of our training companies, regardless of your needs, we can assist.

NEW Smart assessment tool now out! – Please complete questionnaire to find out more!

You will need to review all paperwork used, including website pages/forms. You will need to have good policies & procedures written. Some policies are documents you must have on file; some you may need to make public. You are also required to prepare procedure templates so your DPO is armed and ready to act in any event.

Procedural templates for possible events which include:

  • Data breaches – Both for the ICO and affected clients
  • Requests for data – What to say and do if anyone requests their data
  • Requests for data deletion – If you have a request for someone’s data to be deleted – How to respond and what is acceptable to do

Good practice for your terms and statements:

  • Make sure your terms and statements are in good plain English – Make it as easy as possible
  • Make your main points clear – If you are collecting data or plan to use the data you must confirm that you are and why.
  • Hiding an “opt out” tick box is no longer acceptable.  Instead you will need an “opt in”, big and bold and not pre-ticked!

PCQ can assist with any aspects you require. Should you wish to have a specialist GDPR consultant come to review and customise all your paperwork and audit your business, we can arrange this. Unless you’re a large company this will be cost prohibitive.

Why not go Smart? Use our Smart Assessment tool. This assists you with building your policy documents. All your documents are included for a very low fee.

We have GDPR policy packs which include templates for your procedures – Please contact us for pricing (far cheaper than having your own drawn up!)

Cyber Essentials Policy documents – Please contact us for pricing (assuming you proceed with CyberSmart)

We advise all companies to consider and make a “minimum standard” for your IT equipment and software.  Here is our suggestion for small to medium size businesses.

Business user machine:

  • Windows “Professional” licence (not Home edition!) 7/8/8.1/10 (note: Windows 7 will soon be removed from our list when support ends) (or Apple OS X on the latest release)
  • Protection that must include management/alert reporting for Antivirus/Malware/Firewall protection to your DPO – We advise Bitdefender Gravityzone (Please ask for pricing)
  • Software patching and reporting for your DPO – We advise Heimdal Security (Please ask for pricing)
  • Network edge protection and reporting for your DPO – We advise Heimdal Security (Please ask for pricing)
  • Ensure all software is legal/licenced/current (if in doubt, check your licences with PCQ or Microsoft direct)
  • Disk encryption on any devices containing personal data – We advise using Bitlocker with a TPM module – This should be a strict requirement for mobile devices, ideally all equipment in case of theft!
  • Onsite backups & disaster recovery plan – Ensure all backups are encrypted to 256bit or above – Ensure you have a good disaster recovery plan and systems in place. (Please ask for pricing)
  • Cloud backup (Suggest UK based with full accreditation, please ask for pricing)

Onsite servers:

  • Windows Server editions 2012 or above
  • Password policy – Make sure to enable compliant password strength and rotation policies.
  • Domain-join all user devices – Good for disaster recovery
  • Health reporting/updates – Make sure your DPO is informed.
  • Protection that must include management/alert reporting for Antivirus/Malware/Firewall protection to your DPO – We advise Bitdefender Gravityzone (Please ask for pricing)
  • Software patching and reporting for your DPO – We advise Heimdal Security (Please ask for pricing)
  • Network edge protection and reporting for your DPO – We advise Heimdal Security (Please ask for pricing)
  • Ensure all software is legal/licenced/current (if in doubt, check your licences with PCQ or Microsoft direct)
  • Disk encryption – Should your server not be inside an ISO27001 data centre it would be considered at risk from theft. To reduce your risks we would advise installation of a TPM module and enabling 256-bit encryption on all drives using technologies such as BitLocker.
  • Onsite backups & disaster recovery plan – Ensure all backups are encrypted to 256bit or above – Ensure you have a good disaster recovery plan and systems in place. (Please ask for pricing)
  • IT Support – Make sure your IT company can demonstrate cyber security and that all logs of access to your servers can be made available on request.

Once you have made a specification it is important to review each machine and take action to roll it out. Not only do you need to achieve a basic cyber security level, you will need to be able to demonstrate compliance and record how you monitor breaches/problems – Without a full-time IT department this would normally be difficult to achieve.

PCQ as standard will automatically meet or exceed the minimum requirement set out above when “business computers” are requested, and has done for quite some time. If you wish PCQ to visit and assess your business equipment at no cost please let us know and we can report/advise suggested actions to bring your IT up to the requirement.

Once you have done the hard work of getting your business ready, the next stage is making sure you remain compliant.  Make sure all equipment changes keep in line with your minimum standard set.  Make sure to put in systems that provide ongoing reporting for your DPO.  This will assist the DPO in being kept informed of any threats or breaches so that they may act and keep you compliant and your customer’s data safe.

We suggest as much automation and alerting as possible for your DPO to take the strain out of ongoing compliance. This is why we feel it’s necessary to have management/reporting for basic items such as antivirus/malware/network/server/backups. Also make sure your IT team are logging all access activity and works conducted so you have clear audit trails of access to your systems.

Make a schedule to test your recovery plan – So should the worst occur you’re ready to restore with minimal downtime and then start reporting the event. No backup solution or service provider will provide a guarantee for your data, so it is always best to perform routine checks.

Consider other accreditations and certificates to help you demonstrate to the ICO and your clients that you are serious about personal data and you can be trusted. This makes good business sense to maintain and bring on new clients😊.

Ongoing compliance, show you’re serious about cyber security!

Demonstrate you are serious about your Cyber Security by becoming “Cyber Essentials” accredited.  Cyber Essentials is a Government produced certification designed for smaller businesses to show they meet the standard.  If you wish to trade/tender for Government work, this certification is a requirement.  If you don’t deal with government, this is an optional feature, but an excellent way to demonstrate your ongoing IT infrastructure compliance.  

Our unique CyberSmart partner provides you with an automated reporting tool to install on all your computers, so you are kept informed about anything falling outside of compliance for Cyber Essentials.  Annual renewal is simple and aids your GDPR compliance too.

Benefits of CyberSmart:

  • Guaranteed certificate – You will not fail your application for Cyber Essentials assuming you follow PCQ/CyberSmart’s guidance
  • £20 Million cyber insurance (Ask for details of the terms)
  • Satisfies the requirement to deal with Government
  • Cyber Essentials logo for your website to demonstrate to your clients you are serious about safety of their data; drive new business and confidence.
  • Cloud portal and emailed reports to assist you in maintaining compliance.
  • Excellent means to demonstrate your GDPR cyber security requirement.

CyberSmart Pricing – Please let us know how many computers you have and we can provide costings for the service

BRAND NEW – To save costs for small businesses, we have arranged the CyberSmart tools without the certificates. This enables your DPO to see at any time how your devices are doing and whether actions are required for compliance.

GDPR tools – Make compliance easy

Get free help and advice.  Why not start with our free no obligation report. We can assist with your steps towards compliance and importantly maintain your compliance. Please click here

Another great source for information is the ICO direct (Information Commissioner’s Office) here

Keep your data safe – Anything containing personal information needs to be kept safe and secure, whether written, printed or stored digitally.

Written and printed documents:

  • Keep it locked away to avoid unauthorised access. A locked room or filing cabinets are fine. Ask for pricing sales@pc-q.co.uk
  • Destroy old papers; a cross-cut shredder is advised. Ask for pricing sales@pc-q.co.uk

Digital stored data:

We advise that all drives which contain personal information be encrypted. Encryption means the data requires unlocking before it can be read, and will protect against accidental loss or theft. Static equipment will have a lower risk from loss or theft, but we feel it’s good practice to encrypt all drives. Any portable devices such as laptops, smart phones and storage devices we strongly advise are encrypted. Solutions are often built in without any extra cost by using, for instance, Windows “Professional” and technologies such as a TPM (Trusted Platform Module). Don’t worry if you need us to help advise, just phone and we can assist you.

  • Got a TPM (Trusted Platform Module)? – Windows Professional (7/8/8.1/10) – BitLocker – 256-bit encryption – If you have a good modern business device you can enable this – £0 – Just needs to be enabled
  • Don’t have a TPM module? – As long as your operating system is Windows Professional (7/8/8.1/10) – We can provide a key-managed platform for central management by Bitdefender – £1.50 per month per device
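The TPM/BitLocker minimum standard described for business machines and onsite servers above can be checked on each Windows device and turned into a report for the DPO. The script below is an added example written for this page, not PCQ’s or CyberSmart’s own tooling; it uses the built-in Get-Tpm and Get-BitLockerVolume cmdlets (Windows 10/11 Professional and Windows Server, run as administrator), and the DPO address and report path are placeholder assumptions.

```powershell
# Added example: verify "TPM present + BitLocker on + 256-bit" on this machine
# and write a short compliance report a DPO can file or be emailed.
# Assumed placeholders (not from the page): $DpoAddress, $ReportPath.
$DpoAddress = 'dpo@example.invalid'
$ReportPath = "$env:ProgramData\PCQ-Example\encryption-report.txt"

function Test-TpmReady {
    # Get-Tpm reports TpmPresent/TpmReady; no TPM or missing module counts as not ready.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        return [bool]($tpm.TpmPresent -and $tpm.TpmReady)
    } catch {
        return $false
    }
}

function Get-VolumeFindings {
    # Every volume must be fully encrypted, have protection ON, and use a 256-bit method.
    $acceptable = @('XtsAes256', 'Aes256')
    foreach ($vol in Get-BitLockerVolume) {
        $ok = ($vol.VolumeStatus -eq 'FullyEncrypted') -and
              ($vol.ProtectionStatus -eq 'On') -and
              ($acceptable -contains [string]$vol.EncryptionMethod)
        [pscustomobject]@{
            Volume     = $vol.MountPoint
            Type       = $vol.VolumeType
            Status     = $vol.VolumeStatus
            Protection = $vol.ProtectionStatus
            Method     = $vol.EncryptionMethod
            Compliant  = $ok
        }
    }
}

$tpmReady  = Test-TpmReady
$findings  = @(Get-VolumeFindings)
$failed    = @($findings | Where-Object { -not $_.Compliant })
# Overall pass only if the TPM is usable and no volume failed (and at least one volume was seen).
$compliant = $tpmReady -and ($findings.Count -gt 0) -and ($failed.Count -eq 0)

$report = @(
    "Host: $env:COMPUTERNAME   Checked: $(Get-Date -Format s)   For: $DpoAddress",
    "TPM present and ready: $tpmReady",
    ($findings | Format-Table -AutoSize | Out-String).Trim(),
    "OVERALL: $(if ($compliant) { 'COMPLIANT' } else { 'NON-COMPLIANT - DPO action required' })"
)

New-Item -ItemType Directory -Path (Split-Path $ReportPath) -Force | Out-Null
$report | Set-Content -Path $ReportPath
$report | Write-Output
# Delivery to the DPO (e.g. Send-MailMessage, or a scheduled task that collects $ReportPath)
# depends on the site's mail setup and is left out here.
```

A volume in EncryptionInProgress, with protection suspended, or encrypted with a 128-bit method is reported as non-compliant rather than passed, which is the distinction the DPO needs to see.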

(pricing on this page excludes VAT @ 20%)

Smart self-assessment portal & smart policy pack:

  • Secure online portal for your business appraisal
  • Software for your computers – This automates many of the questions asked during the questionnaires for compliance/reporting as the software detects computer state for your computer’s security health status.
  • Software monitors ongoing compliance – Automate reporting to your DPO so that you are always compliant and not just one day a year when you think to check.
  • Smart policy template pack for both GDPR & Cyber Essentials – Based on your questionnaire it will part complete your policy template pack.
  • Data Protection policy
  • Procedure templates for both the ICO and clients
  • Bolt on options available if you wish to become certificated/accredited for one of the following standards – “Cyber Essentials/Plus”, “IASME” or “GDPR Ready”
Very small monthly cost – We have specifically tailored this solution to be affordable for sole traders, charities/non-profits, clubs or companies up to around 10 members of staff. We have many other solutions if you’re larger. Price on completing the GDPR questionnaire only – You will be pleasantly surprised 🙂

(GDPR questions are in beta and are being actively revised)

To safeguard against viruses or malware, PCQ advises “Bitdefender Gravityzone”. This product is full enterprise-level protection with the best “zero day detection” methods. Don’t just take our word for it, look for reviews! Consistently superior protection, performance and usability, proven in major independent tests!

We advise the “Gravityzone edition” as this contains all the business features necessary for your GDPR security concerns.  PCQ will have supplied this product as standard, so if you use us for your supply, you will find you have a qualifying GDPR level protection.

Automation for your DPO! – Just let us know your DPO’s email address and for no extra fee we configure network reporting for you. This means that in the unlikely event of a breach, or protection being uninstalled from a device, you are kept informed!

  • Best zero day protection (without updates it can protect against threats!)
  • Advanced behaviour monitoring – permanently monitors running processes for signs of malicious behaviour.
  • Largest security intelligence cloud – With over 500 million machines protected, the Bitdefender Global Protective Network performs 11 Billion queries per day and uses machine learning and event correlation to detect threats without slowing down users.
  • Artificial Intelligence and machine learning are essential to combat a threat landscape that is larger and more sophisticated than ever.
  • Centralised reporting for your DPO
  • PCQ can offer Enterprise level protection for consumer level pricing!

To check our pricing please click here

Most small businesses cannot afford separate enterprise-grade firewalls and the licences to maintain them. We have a better option which sits perfectly alongside Bitdefender’s firewall.

Heimdal Security adds “network layer edge protection” – This monitors all traffic in and out of your computer, looking for rogue code or bad sources and analysing as you go.

Did you know most recent “ransomware” attacks infiltrate networks due to little things like “Adobe Flash” not being up to date?! You are now expected to have “software patch management” to ensure all your devices are always up to date. Heimdal does this without any interruption, saving you and your staff time.

Automation for your DPO! Just let us know your DPO’s email address and for no extra fee we configure network reporting for you. This means that in the unlikely event of a breach, protection being removed from a device, or a user blocking an update, you are kept informed!

  • Leading internet traffic scanning to keep you safe against ransomware, financial Trojans, data-stealing malware and other threats
  • Sanitise your network traffic
  • Keep your clients’ personal data safe
  • Automated software patch management – Save staff time
  • Reporting for your DPO – Keeping you compliant, always!

To check our pricing please click here

PCQ can provide the complete solution.

We have ISO27001-accredited partners for your website and basic email requirements. ISO27001 meets or exceeds “GDPR ready” as a recognised standard.

Need cloud backup or data sharing services? Again, we have solutions which meet all the GDPR requirements.

Did you know that if you use PCQ for your Microsoft 365 options you are guaranteed to be using UK-only Microsoft data centres with a full ISO27001 accreditation chain as standard?!

For any requirements, please get in touch sales@pc-q.co.uk

To ensure your risks are minimised, you will need to ensure that only trusted agents are authorised to assist your business.

PCQ is not only GDPR compliant: we are fully registered with the ICO, insured for all work done and also “Cyber Essentials” accredited (a Government-backed scheme). We are serious about your data. These standards enable us to work with data in any industry, including government.

PCQ is long standing. Established back in June 2000, we have remained while thousands have come and gone. We do things correctly and legally. We do not expect anything less.

All PCQ’s work is trackable and we can be audited at any time. All remote support access is logged, so we know which PCQ employee accessed what, and when.

Be careful and do your homework on anyone who could gain access to your data. From your cleaners to your accountants, make sure you’re covered!

If you have further questions, please get in touch at support@pc-q.co.uk or see here


More tools being published soon

Need to get in touch? Ask more questions? Book a meeting? Please use form below.

Data policy (available here):

Your submitted message will be received and assessed by PCQ only. PCQ will store your data securely on its systems. PCQ will only reply to you by email (or phone, if you have chosen to provide a number) using the details you provided to us on the above form. PCQ will only reply regarding your enquiry and will not assume continued contact for marketing. Data policy is available here