In her annual report, Helen Dixon, the Irish Data Protection Commissioner, stated that “Cybersecurity must now be a key priority for all organisations to maintain ‘integrity and confidentiality’ – particularly as this is one of the two new general principles of data protection introduced under the [General Data Protection Regulation (GDPR)] and against which the higher level of fines under [the] GDPR will apply.”
ISO/IEC 27001 provides an excellent starting point for achieving the technical and operational requirements necessary to prevent a data breach under the GDPR. In fact, a company that has implemented ISO 27001 has already done at least half the job of achieving GDPR compliance by minimising the risk of a breach.
What is ISO 27001?
ISO/IEC 27001:2013 is the international standard that describes best practice for an information security management system (ISMS). Achieving accredited certification to ISO 27001 demonstrates that your company is following information security best practice, and delivers an independent, expert assessment of whether your data is adequately protected. ISO 27001 is supported by its code of practice for information security management, ISO/IEC 27002:2013.
How can ISO 27001 help with GDPR compliance?
Having an ISMS certified by an accredited certification body is concrete evidence that an organisation is in a strong position regarding GDPR compliance. This is the benefit of third-party validation, and is why ISO 27001 certification is widely regarded as superior to self-certification schemes.
ISO 27001 not only addresses the need to comply with legislation through a systematic set of policies and processes, but also offers a reference set of controls (Annex A). These controls, although not exhaustive, can be readily leveraged to provide the appropriate “technical and organisational measures” required by the GDPR.
Download our free guide on GDPR compliance and ISO 27001 to discover how to meet GDPR’s technical and organisational requirements with ISO 27001.