Holray information security & GDPR

Norwich, Norfolk, UK · +44 1603 505050 · consulting@holray.co.uk

Information security, network intrusion testing and GDPR training and support from Holray Data and Security.
As part of Holray Systems Limited, Holray Information security operates as a small specialist consultancy business offering GDPR and information security support based in Norwich, UK.
The consultancy has spun off from supporting customers using our booking system. Our team can support your business across all areas.
Simon and Phillip are both Certified Ethical Hackers and Rachel and Phillip are certified GDPR Practitioners.
Together we can offer help and guidance regarding your GDPR compliance, test your network security, offer assistance with preventative cyber security best practice. Should you encounter a security incident, we can help to identify, detect and respond with breach disclosure and recommend any necessary remediation activities.


General Data Protection Regulations May 25th 2018

GDPR is made up of principles and rights. The principles relate to the information you hold on an individual. The rights relate to what the individual can uphold in a court of law.
Brexit does not effect the regulations.

There are 6 + 1 principles. These are:

  1. The data you collect must be collected in a legal, fair and transparent manner.
  2. The data you collect must be for a specific purpose.
  3. You must only collect what you need, no more.
  4. What you collect and hold must be accurate.
  5. You should retain the data for only as long as you need it.
  6. The data must be stored safely and securely.
  7. Accountability for all.

There are 8 rights for a data subject. These are:

  1. A person has the right to be informed as to what data you hold . Privacy Notice..
  2. A person has the right of access to their data.
  3. A person has the right to expect, and demand, that the data you hold is correct.
  4. A person has the right to move the data, where applicable, to another business, electronically.
  5. A person has the right to object to what you hold about them.
  6. A person has the right to restrict what you hold about them.
  7. A person has the right to not be subject to profiling in decision making, with exceptions.
  8. A person has the right to be forgotten (limited).

If you require any training or support with GDPR contact us today.

Information Security (infosec)

At the core of information security is information assurance, the act of maintaining the confidentiality, integrity and availability (CIA) of information, ensuring that information is not compromised in any way when critical issues arise. These issues include but are not limited to natural disasters, computer/server malfunction, and physical theft. While paper-based business operations are still prevalent, requiring their own set of information security practices, enterprise digital initiatives are increasingly being emphasized, with information assurance now typically being dealt with by information technology (IT) security specialists. These specialists apply information security to technology (most often some form of computer system). It is worthwhile to note that a computer does not necessarily mean a home desktop. A computer is any device with a processor and some memory. Such devices can range from non-networked standalone devices as simple as calculators, to networked mobile computing devices such as smartphones and tablet computers. IT security specialists are almost always found in any major enterprise/establishment due to the nature and value of the data within larger businesses. They are responsible for keeping all of the technology within the company secure from malicious cyber attacks that often attempt to acquire critical private information or gain control of the internal systems.

The field of information security has grown and evolved significantly in recent years. It offers many areas for specialization, including securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning, electronic record discovery, and digital forensics. Information security professionals are very stable in their employment. As of 2013 more than 80 percent of professionals had no change in employer or employment over a period of a year, and the number of professionals is projected to continuously grow more than 11 percent annually from 2014 to 2019.


Information security threats come in many different forms. Some of the most common threats today are software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion. Most people have experienced software attacks of some sort. Viruses, worms, phishing attacks, and Trojan horses are a few common examples of software attacks. The theft of intellectual property has also been an extensive issue for many businesses in the information technology (IT) field. Identity theft is the attempt to act as someone else usually to obtain that person's personal information or to take advantage of their access to vital information. Theft of equipment or information is becoming more prevalent today due to the fact that most devices today are mobile, are prone to theft and have also become far more desirable as the amount of data capacity increases. Sabotage usually consists of the destruction of an organization's website in an attempt to cause loss of confidence on the part of its customers. Information extortion consists of theft of a company's property or information as an attempt to receive a payment in exchange for returning the information or property back to its owner, as with ransomware. There are many ways to help protect yourself from some of these attacks but one of the most functional precautions is user carefulness.

Governments, military, corporations, financial institutions, hospitals and private businesses amass a great deal of confidential information about their employees, customers, products, research and financial status. Should confidential information about a business' customers or finances or new product line fall into the hands of a competitor or a black hat hacker, a business and its customers could suffer widespread, irreparable financial loss, as well as damage to the company's reputation. From a business perspective, information security must be balanced against cost

For the individual, information security has a significant effect on privacy, which is viewed very differently in various cultures.


If you want to get in touch please give us a call on 01603 505050 or email consulting@holray.co.uk

Holray Systems Limited is a company registered in England No. 3237283.

Registered Address: Evolution House, Iceni Court, Delft Way, Norwich, Norfolk, England, NR6 6BB