Mehdi Hasan on the threat from far-right terrorism

The Home Affairs Select Committee has produced an important report on an oft-ignored subject.

For some in the west, and in particular here in the UK, the murder of 77 people in Norway by Anders Breivik seemed unbelievable and inexplicable. It didn't compute. The moment the news broke, for instance, Labour MP Tom Harris took to Twitter to blame - yep, you guessed it - Muslim extremists for the killings. To be fair to Harris, he was just articulating out loud what others - liberals and conservatives alike - were thinking and assuming in their heads. Even after it became clear that it wasn't a Muslim who had perpetrated this atrocity, some refused to call it an act of terrorism, preferring to refer to the perpetrator of the crime as "mad" and "insane".

As Guy Walters noted at the time:

For some commentators, such as Simon Jenkins in the Guardian, Sam Leith in the Evening Standard, and Boris Johnson in the Daily Telegraph, Breivik's actions are explained by insanity, and there is not much need to study Breivik's 'manifesto'. This, the argument runs, was the work of a lunatic who had built a puerile ideology to accommodate his psychopathy. In essence - the madness comes first, then the political justification, then the slaughter.

But Anders Breivik isn't a madman and his crime wasn't prompted by voices in his head. Just read his detailed, 1500-page manifesto, 2083 A European Declaration of Independence, to see how disturbingly rational, thought-through and politicized his hate-filled views and opinions are.

As Walters argued last year:

The roots of Breivik's actions clearly lie in his politics, and when you read his 'manifesto', it is clear why he decided to act as he did. His argument runs thus: Multiculturalism, 'cultural Marxism' and immigration of Muslims is destroying our way of life. The people responsible for this are the ruling Labour Party. These people are traitors. I have tried to act politically, but that has yielded no reward, and little hope of doing so. Violence is the only solution. Therefore, kill the next generation of political Labour Party leaders. This is a necessary evil, but will save us from the greater murderousness of Islam in the long run. And, in a brutally logical way, that is just what Breivik did.

You can read Walter's excellent blogpost in full here.

Now, I've written before about the oft-ignored threat from far-right, "white" terrorism - for example, in the New Statesman in July 2009 and in the Guardian in January 2011. In the latter piece, I noted how

FBI figures show between 2002 and 2005 there were 24 acts of terrorism recorded in the US; 23 of those incidents were carried out by non-Muslim,"domestic terrorists".

Often the reaction I get to such pieces amounts to a version of: "You're just saying all this because you're Muslim and you want to deflect attention away from the crimes of your co-religionists." There is an assumption among opinion-formers and decison-makers that the threat from far-right terrorism isn't as serious or worthy of debate and discussion as the threat from Islamist terorrism - despite the killing of 77 people in nearby Norway by a non-Muslim terrorist with extensive links to our own English Defence League (EDL).

Thankfully, the Home Affairs Select Committee, in a new report out today, seems to disagree with the conventional wisdom. MPs on the committee noted that there

appears to be a growth in more extreme and violent forms of far-right ideology. Indeed it is clear that individuals from many different backgrounds are vulnerable, with no typical profile or pathway to radicalisation.

The MPs concluded:

A view was expressed by some of those giving evidence to us, and those to whom we spoke less formally, that the revised Prevent Strategy only pays lip service to the threat from extreme far-right terrorism. We accept that Prevent resources should be allocated proportionately to the terrorist threat, and that to an extent we must rely upon the intelligence and security services to make this judgement. However, we received persuasive evidence about the potential threat from extreme far-right terrorism. The ease of travel and communications between countries in Europe and the growth of far-right organisations, which appear to have good communications with like-minded groups within Europe, suggest that the current lack of firm evidence should not be a reason for neglecting this area of risk. The Prevent Strategy should outline more clearly the actions to be taken to tackle far right radicalisation as well as explicitly acknowledge the potential interplay between different forms of violent extremism, and the potential for measures directed at far-right extremism to have a consequential effect on Islamist extremism, and vice versa.

Will Theresa May and co take notice of the report's conclusions? Will the media start shining a light on the very real threat from far-right terrorism? If not in the interests of fairness and balance, then at least in the interests of safety, security and self-preservation? I have my doubts...

Mehdi Hasan is a contributing writer for the New Statesman and the co-author of Ed: The Milibands and the Making of a Labour Leader. He was the New Statesman's senior editor (politics) from 2009-12.

Image: Shutterstock
Show Hide image

Are you ready to comply with the EU GDPR?

Alan Calder, the founder and executive chairman of IT Governance, discusses the EU General Data Protection Regulation (GDPR) and how your organisation can achieve compliance.

The EU General Data Protection Regulation (GDPR) will supersede the UK Data Protection Act 1998 on 25 May 2018, introducing new obligations for all organisations that process the personal data of EU residents.

The GDPR introduces significant changes in the areas of data subject and child consent, privacy by design, data breach notification, international data transfers and data protection officers, among others.

With the prospect of multi-million pound fines for non-compliance, and less than two years until the Regulation is enforced, organisations in the UK should urgently be considering what they need to do to comply.

The skills and resources required under the GDPR

The GDPR requires certain organisations to appoint a data protection officer (DPO). The role of a DPO includes informing and advising the controller and processor of their data protection obligations, monitoring the organisation’s compliance and performance, providing advice on data protection impact assessments, and giving due regard to risks associated with data processing operations. DPOs must have the legal and information security knowledge and skills necessary to help organisations achieve compliance with the Regulation.

As an expert in information security and data protection compliance, IT Governance has developed Europe’s first certified EU General Data Protection Regulation Foundation and Practitioner training courses to help individuals who are involved in data protection or who are looking to fulfil the role of data protection officer in order to achieve compliance with the Regulation. The certified training programme is designed to equip individuals with a comprehensive understanding of the GDPR requirements and a practical guide to planning, implementing and maintaining compliance with the GDPR.  

Inform GDPR transition planning through data flow mapping and gap analysis

An important first step in achieving compliance with the GDPR is to review your organisation’s data flows. A data flow audit will allow your organisation to map the locations of all personally identifiable information (PII), gain visibility over your data flows, develop effective strategies to protect PII, improve data lifecycle management and introduce efficiencies into your processes, and reduce privacy-related risks. 

Organisations that plan to comply with the GDPR but that lack visibility over their data flows are encouraged to conduct a data flow audit. The process involves mapping out the organisation’s data flows to get a comprehensive understanding of the sources from which the data flows. IT Governance can help organisations prepare for the GDPR with an extensive data flow audit that will enable you to identify the measures, policies and procedures needed to reduce the risk of a data breach.

Implement technical and organisational measures with ISO 27001

ISO 27001 is the international best-practice standard for information security management and encompasses three essentials aspects: people, processes and technology. The Standard is designed not only to defend your company against technology-based risks but also to prevent common security issues such as those caused by lack of staff awareness around current threats or ineffective information security procedures.  

Moreover, the GDPR clearly states that “the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk”. These measures relate to personal data encryption and pseudonymisation; access and availability of data; the confidentiality, integrity and availability of processing systems and services; and regular assessment and evaluation of technical and organisational measures to ensure the security of processing.

An ISO 27001-compliant information security management system (ISMS) is founded on an enterprise-wide a culture of information security, led by the board. It necessitates that your organisation’s information security strategy be constantly monitored, updated and reviewed, and this process is amenable to helping you implement the technical and organisational measures of the GDPR.   

ISO 27001 can help you meet parallel GDPR and NIS Directive requirements

The NIS Directive, which is set to come into force at the same time as the GDPR, is designed to help organisations within the EU achieve a common level of security across their networks and information systems. The Directive applies to organisations providing essential services in sectors such as finance, energy and transport, as well as digital service providers.

Similar to the GDPR, the NIS Directive requires a robust ISMS and encourages a security culture. As a result, more and more organisations preparing to comply with both the GDPR and the NIS Directive are also seeking certification to ISO 27001. The Standard contains information security requirements that, when met, can allow your organisation to centralise and simplify your compliance efforts for the NIS Directive and the GDPR.

IT Governance’s ISO 27001 packaged solutions can help you tackle your organisation’s GDPR and NIS Directive compliance requirements as well as implement a robust  ISMS. The ISO 27001 packaged solutions provide a unique blend of expertly developed tools and resources that complement your organisation’s skills and resources at a fixed price and in a timely manner.

To find out more about GDPR compliance or ISO 27001 packaged solutions please visit (, email, or call us on +44 (0)845 070 1750.

Alan Calder is the founder and executive chairman of IT Governance.