Five questions answered on the latest development in the horsemeat scandal

Plot thickens with Findus lasagne.

As the plot thickens in the UK horsemeat food fiasco we answer five questions on the latest developments.

What’s happened now?

Because more products have been found to contain horsemeat – the latest is Findus’s lasagne, containing up to 100 per cent horsemeat – the Food Standards Agency has ordered all UK retailers to test processed beef products for horsemeat.

The agency has asked for test results by next Friday.

Findus had tested 18 of its beef lasagne products and found 11 meals containing between 60 per cent and 100 per cent horsemeat. The products were made by a third-party French supplier, Comigel, which alerted the company that they may not “conform to specification”.

Why is this happening?

No one knows for sure, but there has been speculation that criminal activity may be responsible.

The Food Standards Agency (FSA) has already said it was "highly likely" criminal activity was to blame for the contamination.

Its chief executive, Catherine Brown, told the BBC: "I have to say that the two cases of gross contamination that we see here indicates that it is highly likely there has been criminal and fraudulent activity involved."

The FSA added that police are involved in ongoing enquiries in relation to the horsemeat scandal.

Is there any health risk from all this unauthorised meat that has found its way into supermarkets’ frozen foods?

No. The FSA has said:

"There is no reason to suspect that there's any health issue with frozen food in general, and we wouldn't advise people to stop eating it."

However, it has asked Findus to test its products for the veterinary drug phenylbutazone, or "bute", which is not allowed to enter the food system but could be harmful to humans if it did.

Is this food still on supermarket shelves?

On Monday Findus withdrew its beef lasagne in 320g, 360g and 500g sizes as a precaution.

Earlier this week, Comigel had advised Findus and Aldi to withdraw Findus Beef Lasagne and Aldi's Today's Special Frozen Beef Lasagne and Today's Special Frozen Spaghetti Bolognese. An Aldi spokesperson confirmed they had been removed and it is conducting its own investigation.

Tesco also decided to withdraw Everyday Value Spaghetti Bolognese as it was produced at the same site, but there is no evidence it has been contaminated.

What’s going to happen next?

Most likely more revelations; these are expected as further testing is carried out.

Labour's Mary Creagh told the BBC:

"What we have had over the last four weeks is a constant drip, drip, drip of revelations from the food industry, from the Food Standards Agency, and what I am worried about is that the more they are testing for horse, the more they are finding," she said.

She added: "It's simply not good enough for ministers to sit at their desks and pretend this isn't happening."

A statement from the British Meat Processors Association (BMPA) to the BBC said it "deplores the latest reported incidents of gross contamination of some processed meat products".

"The BMPA has urged its members to be vigilant, and to review their raw material and ingredients-sourcing procedures in order to ensure that they meet their responsibilities to produce safe food and to describe and label their products accurately."

Photograph: Getty Images

Heidi Vella is a features writer for


Are you ready to comply with the EU GDPR?

Alan Calder, the founder and executive chairman of IT Governance, discusses the EU General Data Protection Regulation (GDPR) and how your organisation can achieve compliance.

The EU General Data Protection Regulation (GDPR) will supersede the UK Data Protection Act 1998 on 25 May 2018, introducing new obligations for all organisations that process the personal data of EU residents.

The GDPR introduces significant changes in the areas of data subject and child consent, privacy by design, data breach notification, international data transfers and data protection officers, among others.

With the prospect of multi-million pound fines for non-compliance, and less than two years until the Regulation is enforced, organisations in the UK should urgently be considering what they need to do to comply.

The skills and resources required under the GDPR

The GDPR requires certain organisations to appoint a data protection officer (DPO). The role of a DPO includes informing and advising the controller and processor of their data protection obligations, monitoring the organisation’s compliance and performance, providing advice on data protection impact assessments, and giving due regard to risks associated with data processing operations. DPOs must have the legal and information security knowledge and skills necessary to help organisations achieve compliance with the Regulation.

As an expert in information security and data protection compliance, IT Governance has developed Europe’s first certified EU General Data Protection Regulation Foundation and Practitioner training courses to help individuals who are involved in data protection or who are looking to fulfil the role of data protection officer in order to achieve compliance with the Regulation. The certified training programme is designed to equip individuals with a comprehensive understanding of the GDPR requirements and a practical guide to planning, implementing and maintaining compliance with the GDPR.  

Inform GDPR transition planning through data flow mapping and gap analysis

An important first step in achieving compliance with the GDPR is to review your organisation’s data flows. A data flow audit will allow your organisation to map the locations of all personally identifiable information (PII), gain visibility over your data flows, develop effective strategies to protect PII, improve data lifecycle management and introduce efficiencies into your processes, and reduce privacy-related risks. 

Organisations that plan to comply with the GDPR but that lack visibility over their data flows are encouraged to conduct a data flow audit. The process involves mapping out the organisation’s data flows to get a comprehensive understanding of the sources from which the data flows. IT Governance can help organisations prepare for the GDPR with an extensive data flow audit that will enable you to identify the measures, policies and procedures needed to reduce the risk of a data breach.

Implement technical and organisational measures with ISO 27001

ISO 27001 is the international best-practice standard for information security management and encompasses three essential aspects: people, processes and technology. The Standard is designed not only to defend your company against technology-based risks but also to prevent common security issues such as those caused by lack of staff awareness around current threats or ineffective information security procedures.

Moreover, the GDPR clearly states that “the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk”. These measures relate to personal data encryption and pseudonymisation; access and availability of data; the confidentiality, integrity and availability of processing systems and services; and regular assessment and evaluation of technical and organisational measures to ensure the security of processing.

An ISO 27001-compliant information security management system (ISMS) is founded on an enterprise-wide culture of information security, led by the board. It necessitates that your organisation’s information security strategy be constantly monitored, updated and reviewed, and this process is amenable to helping you implement the technical and organisational measures of the GDPR.

ISO 27001 can help you meet parallel GDPR and NIS Directive requirements

The NIS Directive, which is set to come into force at the same time as the GDPR, is designed to help organisations within the EU achieve a common level of security across their networks and information systems. The Directive applies to organisations providing essential services in sectors such as finance, energy and transport, as well as digital service providers.

Similar to the GDPR, the NIS Directive requires a robust ISMS and encourages a security culture. As a result, more and more organisations preparing to comply with both the GDPR and the NIS Directive are also seeking certification to ISO 27001. The Standard contains information security requirements that, when met, can allow your organisation to centralise and simplify your compliance efforts for the NIS Directive and the GDPR.

IT Governance’s ISO 27001 packaged solutions can help you tackle your organisation’s GDPR and NIS Directive compliance requirements as well as implement a robust ISMS. The ISO 27001 packaged solutions provide a unique blend of expertly developed tools and resources that complement your organisation’s skills and resources at a fixed price and in a timely manner.

To find out more about GDPR compliance or ISO 27001 packaged solutions please visit (, email, or call us on +44 (0)845 070 1750.

Alan Calder is the founder and executive chairman of IT Governance.