Protect Directors from Fines & Liability
Under GDPR, NIS2, and UK data protection law, directors are personally liable for data breaches. Offline Secure Storage (OSS) provides demonstrable, appropriate technical measures.
We Think This Is Hard to Ignore
94% of breaches target executive-level information, and directors face up to £500,000 in personal liability. At Firevault, we provide the only storage with a physical audit trail that proves data was unreachable by design.
- €20M or 4%: Maximum GDPR fine per breach (GDPR Article 83)
- £500,000: Maximum ICO director personal liability (ICO)
- 94%: Of breaches target executive-level information (Verizon DBIR 2024)
- £4.7M: Average breach cost when board data is compromised (IBM 2024)
Directors carry more risk than they realise.
Personal Liability
Directors can be personally fined and disqualified for data protection failures.
Inadequate Measures
Cloud-only storage may not satisfy 'appropriate technical measures' under GDPR Article 32.
Board Exposure
Board papers, strategy documents, and governance records are high-value targets.
Directors are already paying the price.
Capita: £14M Fine, ICO Held Directors Accountable
The ICO fined Capita £14 million for security failures, explicitly citing inadequate technical measures that directors should have ensured were in place.
ICO, October 2025
LastPass: £1.2M Fine for Failures Unacceptable in a Security Company
The ICO ruled that the company managing the world's passwords failed its users, fining it £1.2 million for inadequate security measures.
ICO, December 2025
Care Home Director: Convicted for Blocking Data Access Request
A care home director in Bridlington was found guilty and fined for refusing to respond to a subject access request, demonstrating personal liability extends beyond breaches.
ICO, September 2025
The Scenario
The ICO letter arrives.
A breach exposed 12,000 customer records. The ICO asks one question: 'What appropriate technical measures did you take?' Your cloud provider's SLA is not enough. But your Firevault audit trail shows physically disconnected storage, authenticated access, and tamper-evident environments.
"The directors who could answer the question kept their careers."
Create evidence of control the ICO cannot ignore.
Board papers, governance records, and sensitive data are removed from shared drives, email threads, and cloud platforms, and placed on dedicated RAID 1 drives inside a Firevault Bunker. Every access session is identity-verified and logged: who accessed what, when, and for how long. When the session ends, the drives disconnect physically. That audit trail is the answer to 'What appropriate technical measures did you take?' It is not a policy document. It is evidence.
- Appropriate technical measures: sensitive data is removed from connected systems and placed on hardware with no network connection. This is the strongest measure a director can demonstrate.
- Documented evidence of control: every access session is identity-verified and logged. The ICO does not accept policies. They accept proof that data was protected.
- Board papers removed from shared drives: no longer sitting in email inboxes, collaboration tools, or file shares where a breach exposes them.
- Physical disconnection between sessions: regulatory evidence that data was architecturally unreachable, not just protected by a password.
Take Sensitive Data Off Connected Systems
Step 1 of 3: Board papers, governance records, and compliance evidence are removed from shared drives, email threads, and cloud platforms. They are written to dedicated offline drives inside a Firevault Bunker. The data no longer exists on any system an attacker, or a negligent employee, can reach.
Choose Your Protection
Which OSS Fits?
300GB
Low Use Vault, Deep Cold Storage
From £74.99/mo
inc. VAT · £0 due today
Deep cold storage for board minutes, governance documents, and records accessed periodically for audits.
Use Cases for Director Protection
- Board minutes and meeting records
- Director correspondence and decisions
- Governance and compliance policy archives
- Regulatory submission preparation files
- Historic audit and investigation records
Specifications
- Capacity: 300GB
- Access: 2 windows/week
- Authentication: Identity-locked
- Commitment: 36 months
How to Get Started
- Step 1, Discovery Call: Understand what you need to protect and how you operate.
- Step 2, Vault Configuration: Select your tier, capacity, and access model.
- Step 3, Identity Verification: Complete KYC/AML and set up multi-factor authentication.
- Step 4, Go Live: Data ingestion, access policy activation, and ongoing support.
One Vault, every party, every stage of the board cycle.
Offline Secure Storage sits at the centre of the boardroom, owned by the directors personally accountable for governance, conduct and disclosure. Pre-reads and briefings feed the live board file on one set of wings; the governance network and the live committees that run in parallel form the other. Nothing is reachable between sessions, and every touch is logged for auditors, regulators and the directors themselves.
Board Intake
- Board papers and pre-reads issued through controlled channels
- Briefings, management accounts and KPI packs lodged ahead of meetings
- Conflicts of interest and related-party declarations captured at intake
- Whistleblowing reports and protected disclosures logged on receipt
- External counsel opinions and skilled-person reports recorded on file
- Materiality assessments and disclosure triggers kept with the agenda
Live Board File
- Minutes, resolutions and written consents
- Register of decisions and reserved matters
- Conflicts and related-party register
- Risk register and principal-risk assessments
- Cyber, ESG and operational-resilience reports
- Director duties and section-172 evidence
- Audit findings and management responses
- Disclosure log and announcement drafts
Governance Network
- External auditors and reporting accountants
- Corporate counsel and litigation lawyers
- Sector regulators, FCA, PRA and the ICO
- Cyber insurers and D&O brokers
- Investor relations, registrars and proxy advisors
Live Committees
- Audit (AUD)
- Risk (RSK)
- Remuneration (REM)
- Nomination (NOM)
- Disclosure (DIS)
Ready to take the next step?
See how Firevault can protect your most sensitive data with physically disconnected storage.