General Data Protection Regulation (GDPR)

The EU GDPR is the culmination of years of work by the EU to reform Data Protection regulation into a Union-wide framework instead of a patchwork of country-specific legislation. The GDPR affects all organisations - including those in the Third Sector - that hold personal data on EU citizens, regardless of where they are based in the world. The maximum fine for non-compliance is the higher of €20m and 4% of the organisation’s worldwide turnover.


The EU General Data Protection Regulation (GDPR) is a new law that strengthens privacy for EU citizens.


All organisations that hold personally identifiable data on EU citizens. Even organisations based outside of the EU must comply.    


Enforcement begins on 25 May 2018. Many countries start implementing sooner.

Main Causes of Data Breaches

Let’s take a look at the main cause of data breaches today within the third sector. The majority of organisations that lost data in 2016 did so through hacking or malware (57%), followed by unintended disclosure. In fact, incidents caused by hacking or malware represent over 90% of all the breached records last year. That is a staggering amount of data that could have been protected with better security. Encryption is universally acknowledged as one of the best ways to prevent data breaches and to mitigate risks. As a non-profit organisation we know how important your data is and the sensitivities that come with it.


First and foremost, it’s important to review and consider your current data protection capabilities. What does your non-profit currently have in place to ensure the security and privacy of your customers’ and employees’ sensitive data? Though GDPR is the ‘trigger point’ for reviewing your cyber security, having the minimum cyber security requirements in place is best practice to protect your organisation against viruses, malware and data leakage.

Sophos Central EndPoint

Sophos Endpoint blocks malware and infections by identifying and preventing the handful of techniques and behaviours used in almost every exploit.

Sophos Endpoint doesn’t rely on signatures to catch malware, which means it catches zero-day threats without adversely affecting the performance of your device. So, you get protection before those exploits even arrive.

Advanced Threat Protection

With Office 365 Advanced Threat Protection, you can protect your mailboxes against new, sophisticated attacks in real time.

By protecting against unsafe attachments and expanding protection against malicious links, it complements the existing Hosted Exchange security features to provide better zero-day protection.

Intercept X

Ransomware is the number one malware attack affecting organisations today. It encrypts your files and holds them hostage until the ransom is paid, causing massive disruption to your charity’s productivity.

Sophos Intercept X features CryptoGuard, which prevents the malicious spontaneous encryption of data by ransomware—even trusted files that have been hijacked.

Device Encryption

Each year, millions of laptop computers are misplaced, stolen, or lost, many of them containing important and sensitive data. Full disk encryption is the essential first line of defence to protect your data in any of these events.

Sophos Central gives you the ability to manage full disk encryption from a single, integrated, web-based management centre.

Unified Threat Management

Sophos UTM provides the ultimate network security package with everything you need in a single modular appliance. It simplifies your IT security without the complexity of multiple-point solutions. The intuitive interface will help you quickly create policies to control security risks. And clear, detailed reports will give you the insight you need to improve your network performance and protection.


Protect your network using multi-layered proven protection technologies.

We’ll give you complete control to block, allow, shape and prioritise applications. Our Deep Layer-7 inspection (Next-Generation Firewall) ensures true application identification and has regular automatic updates. And you’ll get feedback on unclassified applications and websites too.

Cyber Essentials


What Is Cyber Essentials? The Cyber Essentials scheme is a cyber security standard against which organisations can be assessed and certified. It identifies the security controls that an organisation must have in place within its IT systems in order to have confidence that it is addressing cyber security effectively and mitigating the risk from Internet-based threats.

Who Is It For? Cyber Essentials is applicable to all organisations, of all sizes, and in all sectors. We encourage all organisations to look at the requirements and to adopt them. This is not limited to companies in the private sector, but is applicable to universities, charities, public sector and not-for-profit organisations.

What are the Benefits? The Cyber Essentials scheme provides organisations with clarity on what essential security controls they need to have in place to reduce the risk posed by threats on the Internet with low levels of technical capability. Organisations that are good at cyber security can make this a selling point – demonstrating to their customers through the Cyber Essentials badge that they take cyber security seriously.


Secure configuration


Boundary firewalls and internet gateways


Access control and administrative privilege management


Patch management


Malware Protection