Typing on MacBook 480x320

Exigia

Your IG and Web partner

We specialise in compliance with UK and NHS Information Governance and Data Protection requirements drawing on years of NHS experience and expertise to share with you.

We deliver most of our services over the Web and also provide Web Services to both our IG and non-IG customers.

Our mission

provide no nonsense, affordable information governance, data protection and other forms of business and technology consultancy and support
provide web services to small and micro client organisations
focus on the UK health, public, and charity sectors plus their business partners
fill information governance, data protection & security skills gaps
raise privacy, cyber security, information governance and data protection awareness, knowledge and standards

Ingenuity Mars Helicopter simulation

Stop press

Current status

With a few provisos, it is currently business as usual at Exigia. See our MD's Message on this page and on the COVID-19 page in the Portfolio.

Keep calm and ...

Red Keep Calm and Stay Safe Online Poster With so may of us using technology to stay working, shopping, communicating and generally amusing ourselves, the UK Government has published a useful page of advice and links on staying safe online. The National Cyber Security Centre also has plenty of advice and guidance on the same subject.

UK Gov Staying Safe online

NCSC Cyber Aware

UK Granted EU Adequacy

Data Privacy Day Icon 28 June 2021

The long awaited decision of the European Commission, to recognise the UK as 'adequate' for persona data transfers arrived just before the temporary arrangement was set to expire on 30th June.

This follows draft adequacy decisions made on 19th February. Since then, the Commission has assessed UK laws and practices on personal data protection, including access to personal data by UK public authorities and published a 93-page GDPR decision that even references the Magna Carta and the Bill of Rights.

It states that ‘As the UK GDPR is based on EU legislation, the data protection rules in the United Kingdom in many aspects closely mirror the corresponding rules applicable within the European Union,’ and concludes that ‘the Commission considers that the UK GDPR and the DPA 2018 ensure a level of protection for personal data transferred from the European Union that is essentially equivalent to the one guaranteed by Regulation (EU) 2016/679.’

This will be a relief to UK business as personal data can continue to low freely to the UK from EU countries for at least the next four years, when a 'sunset clause' kicks in and terminates the decision unless it has been renewed by then.

We wait to see however whether this decision is challenged via national regulatory bodies and thence to the European Court of Justice (ECJ) on the lines of the Schrems I / II cases that destroyed the US 'Safe Harbor' and 'EU-US Privacy Shield' schemes.

If this decision is ultimately proved unlawful, the new Standard Clauses and extra security assessments may have to be invoked instead.

UK Government Plans New Cybersecurity Law

Smart Fridge 21 April 2021

Against a background of booming sales of smart devices and consumers increasingly relying on connected products at work and at home during the Covid-19 pandemic, the UK Government has decided that the pace of cybersecurity improvement needs to be accelerated.

The Department of Culture, Media and Sport (DCMS) has announced that as soon as parliamentary time allows it will introduce a new law to protect people from cyber attacks caused by vulnerabilities in 'Internet of Things' (IoT) smart devices such as phones, speakers, doorbells, watches, toys, TVs, cameras, and yes - smart fridges too.

Under the new legislation it is proposed that:

easy-to-guess default passwords will be banned
companies will have to make it easier for people to report software bugs that could be exploited by hackers
manufacturers will need to tell customers buying devices how long their purchase will receicve guaranteed security updates
devices will have to meet new (stricter) standards

It is understood that the new law will have teeth. An as yet unnamed enforcement body will be given powers to investigate allegations of non-compliance and take steps to ensure compliance. It will have powers to issue corrective measures, sanctions and in the most serious cases instigate criminal proceedings.

No timetable for the introduction of the new law has yet been announced.

Link to UK Gov Press Release

UK On Track to EU Adequacy

Data Privacy Day Icon 19 April 2021

Having left the EU, the UK has become been a 'third country', in particular in relation to data protection. A temporary arrangement that expires on 30th June has meant that to date little has changed and transfers of personal data have been flowing largely as before. For more permanent stability however, the UK needs to be regarded as 'adequate' by its near neighbours.

Adequacy came a step closer on 13th April when the EU Data Protection Board (EDPB) announced that it would be recommending approval of the UK's status in regard to both transfers of personal data (under the EU GDPR) and transfers of personal data under the Law Enforcement Directive (LED).

The EDPB also recommended that the UK's data protection regime be kept under scrutiny in relation to access by UK public authorities to EU personal data for national security purposes and as EU data protection legislation develops.

Under the complicated EU process, EU Member States will also shortly assess UK adequacy before the final decision can be adopted by the European Commission.

Exigia

News and comment

UK Granted EU Adequacy

UK Government Plans New Cybersecurity Law

UK On Track to EU Adequacy

More Articles ...

for more IG and cybersecurity news, see our newsfeeds