Implementing VOSO Lite provides the staff training, Information risk and general data protection policies that addresses the first line of defense for an organization which is people and process. It tells the organization’s workforce what they can and cannot do and trains them to offset social engineering campaigns that are one of the main causes of a data breach. It completes Sections 6, 8 and 10 of the ICO’s Practical Guide to IT Security for Small Medium Businesses that is the security section of the guide to the GDPR. All that is required is for you to complete a simple registration form and load your employees' email addresses into VOSO. VOSO Lite does the rest.
After VOSO Lite you move onto VOSO Plus that implements Cyber Essentials which is a great first step. It can already mitigate ICO fines if a company suffers a breach. Cyber Essentials certification is evidence that you have implemented the basic technical controls towards protecting your business and your data from Internet-based cyber-attacks. It then progresses onto IASME governance standard that includes the specific GDPR questions. By completing this stage, you will demonstrate that your organization has implemented a wider governance system for management of the controls protecting personal data. It adds a number of actions such as assessing business risks incident response planning and handling operations issues.