Contact us today on 0161 660 8513
What is GDPR?
The General Data Protection Regulation (GDPR), which applies from 25 May 2018, is the EU’s data protection regulation. It is designed to protect the personal data and privacy of individuals in the EU in an increasingly data-driven world.
In the UK, GDPR replaces the Data Protection Act 1998. It introduces new obligations for data controllers and data processors, including organisations based outside the EU that offer goods or services to, or monitor the behaviour of, individuals in the EU.
The regulation significantly extends the rights of ‘data subjects’ (the individuals whose personal data you hold or process): for example, the right to access the data held about them, and to request its rectification or erasure.
Given that infringements can attract fines of up to €20 million or 4% of annual worldwide turnover (whichever is greater), companies should assess how GDPR affects them and prioritise preparations to comply by May 2018.
How can ISO 27001 help your organisation achieve compliance with GDPR?
ISO 27001 is the most widely recognised international standard for managing information security risk. It specifies the requirements for an Information Security Management System (ISMS), including identifying the legal and regulatory requirements that apply to you (such as the EU GDPR), and a reference set of controls (Annex A) for managing risks to your business information, including personal records.
If the scope of your ISO 27001 certification identifies personal data as an information asset, the ISMS will address many of GDPR’s security obligations, in particular the requirement to implement appropriate technical and organisational measures to protect personal data (Article 32). Note that ISO 27001 certification is not, on its own, evidence of GDPR compliance: obligations such as a lawful basis for processing, data subject rights and Data Protection Impact Assessments sit outside the standard and must be addressed alongside the ISMS.
Several GDPR obligations have a direct counterpart in ISO 27001, so the two are well aligned; others are GDPR-specific and must be met in addition to the standard. Examples include:
- Responsibility and accountability: GDPR requires controllers to be able to demonstrate compliance; ISO 27001 requires top-management commitment and clearly defined information security roles and responsibilities.
- Gaining consent for holding and using data: a GDPR requirement that ISO 27001 does not itself impose, although the ISMS asset inventory and risk assessment should record which personal data you hold and why.
- Appointing a Data Protection Officer: required by GDPR for certain organisations; ISO 27001 does not require a DPO, but its defined security roles give the function a natural home.
- Recording and investigating data breaches: ISO 27001’s incident management controls (logging, assessing and responding to security incidents) support GDPR’s requirement to document breaches and to notify the supervisory authority within 72 hours where notification is required.
My business is not yet ISO 27001 certified, is certification possible before the GDPR deadline?
Don’t worry: if you don’t yet have ISO 27001, we can certify your business within 3 to 9 months, depending on the internal resources you have available to implement the ISMS. However, you do need to act quickly.
Call us today on 0161 660 8513
We can help you every step of the way with your journey to certification
Training: we continuously run ISO 27001 training courses, from basic awareness for those who have a responsibility to handle data, through to Lead Auditor courses designed for those responsible for implementing and leading your ISO 27001 Management System.
Call 01296 768 999 today to find a course near you
Gap Analysis: our auditors can identify where you currently fall short of the requirements of ISO 27001 by carrying out an onsite pre-assessment.
Webinars: Covering topics such as ‘An overview to GDPR’ and ‘ISO 27001: A guide to implementation’.
We’d be delighted to discuss your ISO 27001 requirements; our team of technical sales advisors are waiting to take your call.
- Why does a company need the ISO 27001 standard?
Many organisations mistakenly believe that ISO 27001 is an IT standard that is all about computers and systems. This is not the case: it is about the security of information, wherever it is held. Another misunderstanding is that security is only about confidentiality. A common response is ‘we don’t have any secret information’, but it is surprising how much sensitive information you do have: client bank details, payroll and other personal information about staff, and customer information such as personal data held and used for marketing purposes. The standard also addresses availability and integrity, and requires organisations to consider business continuity and how the risk of data breaches is assessed and managed.
- Since it was first issued in 2005, how much has interest in the standard grown?
While ISO 27001 has been in place since 2005, its uptake has increased significantly in recent years, driven by the growing emphasis on information security and the rising number of security incidents affecting high-profile brands and public sector organisations. ISO 27001 has practically become a ‘must have’ on many public sector and large-company tenders, reflecting the fact that information security is a key risk for businesses in all industries.
- How does ISO 27001 help companies become more secure?
ISO 27001 helps organisations make informed choices about their information assets and the systems, people and procedures that manage them. The standard is underpinned by a risk management approach: understanding the information you hold and use, working out what can go wrong, how likely that is and what the impact would be. This helps you decide on the controls you need in order to remain compliant with legislation, minimise the risk of security breaches, and provide assurance to your customers and other stakeholders that you are doing everything you reasonably can to keep their data secure.
Why choose ISOQAR as your certification partner?
Need a consultant?
Many organisations choose to work with an external consultancy to help implement ISO 27001 and carry out the internal audit ahead of applying for certification. As a UKAS-accredited certification body, we must remain impartial when performing third-party audits and so cannot endorse any individual consultant. However, you can search for a consultant in your area using our ‘find a consultant’ online database.
Already certified for ISO 27001?
Did you know that if you’re not happy with your current certifier you can easily transfer your certification over to us?
Looking for a different standard?
Below is a list of popular standards that we also provide certification for: