We’re very proud to have achieved both Cyber Essentials Plus and GDPR compliance (General Data Protection Guidelines)
During 2017, Healthy Performance delivered 17,545 onsite employee health checks and 14,238 people completed our online lifestyle assessment, MyWellbeingCheck, so naturally, we have to take data security very seriously.
We’re delighted to announce that we are the first onsite employee health screening provider to have achieved Cyber Essentials Plus and we’re compliant with GDPR, well ahead of the May deadline. Technology and systems efficiency has always been important to our business and it’s fundamental to the high standards of service we offer to both our clients and their employees.
Over the last 3-4 years, here at Healthy Performance, we’ve developed our own software infrastructure including Health Screening Software, Online Lifestyle Tool, Online Booking System, Operational Management System and CRM System. As a highly innovative health and wellbeing company, we recognise the importance of setting the benchmark for information security and data protection and we continually strive to lead the health and wellbeing industry with our approach.
If you want to know more about Cyber Essentials and GDPR, read on…
Cyber Essentials is the UK Government’s National Cyber Security Strategy which aims to make the UK a safer place to conduct business. Our accreditation plays a large part in how we can protect ourselves from cyber threats. Cybercrime is an ever growing concern for all businesses, in particular for wellbeing providers who store sensitive personal health data.
Cyber Essentials aims to help organisations implement basic levels of protection against cyber attack, demonstrating to their customers that they take cyber security seriously. The scheme is available at two levels:
- Cyber Essentials – an independently verified self-assessment. Organisations assess themselves against five basic security controls and a qualified assessor verifies the information provided.
- Cyber Essentials PLUS – a higher level of assurance. A qualified and independent assessor examines the same five controls, testing that they work in practice by simulating basic hacking and phishing attacks.
The five basic controls within Cyber Essentials were chosen because, when properly implemented, they will help to protect against unskilled internet-based attackers using commodity capabilities – which are freely available on the internet.
According to a government study, nearly 50% of businesses reported a cyber breach or attack in the past 12 months and Cyber Essentials covers various aspects of security including Secure configuration, Boundary firewalls/Internet gateways, Access control/administrative privilege management and Malware protection.
Organisations that undertake Cyber Essentials are encouraged to recertify at least once a year and, where appropriate, progress their security. At Healthy Performance we never rest on our laurels and are already making plans to achieve Cyber Essentials Plus accreditation by the end of Q1, 2018.
For further information please see www.cyberstreetwise.com\cyberessentials
On 25 May 2018, Europe’s data protection rules will undergo their biggest changes in two decades. Since they were created over twenty years ago the amount of digital information we create, capture and store has vastly increased.
Over the last twelve months, there have been many large, global data breaches from global companies affecting millions of people. Under GDPR guidelines, the “destruction, loss, alteration, unauthorised disclosure of, or access to” people’s data has to be reported to a country’s data protection regulator – in the case of the UK, the Information Commissioners Office (ICO).
The ICO has to be told about a breach 72 hours after an organisation finds out about it and the people affected also need to be told. GDPR will update data protection requirements and align these with today’s technology-driven society, changing how businesses and public sector organisations handle the customer’s information.