-
Data Retention: Why It Matters and How to Stay Compliant
A few years ago, I had a lightbulb moment during a review of our Data Retention Policy. Our legal advisor at the time made a striking comment: “Data is toxic.” His point was simple yet profound—keeping data longer than necessary or holding onto more than you need only increases your exposure to risk. This insight…
-
ISO27001 transition
If you’re still certified to ISO 27001:2013, you have until 31st October 2025 to transition to ISO 27001:2022. After this deadline, organisations that haven’t switched to the new version will have their certification withdrawn. What are the key changes? While the core clauses in the 2022 standard remain the same, additional subclauses and clarifying notes have…
-
The importance of culture
Does your team bring every decision to you? Are you constantly firefighting, dealing with issues and being reactive? Is there a high turnover of staff? Are staff happiness scores low, or worse, not even measured? Is it sometimes easier just to perform tasks yourself? If you answered yes to any of the above, your company culture is in need…
-
A Practical Guide to UK GDPR compliance
As a small business owner in the UK, you may find the General Data Protection Regulation (GDPR) somewhat daunting. However, understanding and implementing GDPR compliance doesn’t have to be overwhelming. This guide aims to demystify GDPR and provide you with practical steps to ensure your business adheres to these important regulations. Understanding GDPR At its…
-
A positive view of risk
When most people hear “risk management,” they imagine a bureaucratic process aimed at satisfying regulations or pleasing auditors. For many UK SMEs, this mindset turns risk management into a reluctant compliance chore. But this view is fundamentally flawed. Effective risk management is a proactive, empowering tool that helps businesses sharpen their security posture, improve decision-making,…