Recruitment industry supplier ADVANCE has been awarded GDPR-ready status by a government-recognised accreditation body.
ADVANCE achieved the IASME Governance standard following a rigorous assessment covering all aspects of its approach to data protection and IT security.
IASME is one of just five accredited assessors for the government’s Cyber Essentials scheme.
IASME and GDPR readiness
The IASME Governance assessment was developed over several years during a government-funded project to create a new cyber security standard.
Since March 2017 it has included a specific GDPR module, which added several topics required for GDPR compliance such as assessing business risks, training staff, dealing with incidents and handling operational issues.
ADVANCE, which provides FCSA-accredited umbrella, limited company and self-employment solutions to contractors and recruiters, is thought to be the first company in the contractor services sector to achieve the standard.
Managing director Shaun Critchley said:
We’re pleased to be able to demonstrate to contractors and recruitment businesses that we have taken steps to prepare for GDPR.
The IASME standard includes Cyber Essentials but is much broader than that. It’s about demonstrating that you have adequate controls, processes and protections in place when processing personal data.
Our GDPR project team has put in a lot of hard work and now it’s a case of continuing our preparations as 25 May approaches.
Darren Kewley of Protos Networks, which acted as ADVANCE’s IASME assessor and certification body, said:
ADVANCE clearly takes GDPR and data security generally very seriously.
The company was a pleasure to deal with and I would like to congratulate Shaun and the team on achieving the IASME Governance standard.
The EU General Data Protection Regulation (GDPR) is designed to harmonise data security laws across Europe, protect and empower individuals and transform how organisations approach privacy.
Companies face heavy fines for non-compliance, with the Information Commissioner’s Office (ICO) responsible for enforcement in the UK.
A new Data Protection Bill currently working its way through parliament will encapsulate the key principles.
Individuals will be given extensive new rights and protections, including free access to all of the personal data that a company holds on them.