Progress continues to be made on the EU General Data Protection Regulation (GDPR) – albeit slowly.
Last month’s round of GDPR negotiations – the second ‘trilogue’ between the European Parliament, the European Council and the European Commission – addressed the Regulation’s territorial scope (Article 3) and rules pertaining to international data transfers (Chapter V).
On 15 July, the day after the trilogue meeting, Jan Philipp Albrecht, MEP, the European Parliament’s lead negotiator on the GDPR, told the Committee on Civil Liberties, Justice and Home Affairs that the participants had “reached a satisfying agreement for all sides”. Agreement was also reached on the applicability of the GDPR to controllers and processors established outside the EU that handle EU residents’ data, which Herr Albrecht said would “level the playing field” between EU and non-EU organisations.
See this European Parliament video from 3:09:30 for Herr Albrecht’s comments.
“For the moment,” he said, “I think we are on a very good track and we now look forward to the next negotiation rounds on the regulation”.
The next trilogue meeting is scheduled for mid-September, after the summer recess.
The best-practice information security approach to GDPR compliance
It’s currently anticipated that the trilogue negotiations will be complete by the end of the year, after which the Regulation should be formally ratified. EU organisations that want to meet the requirements of the GDPR and fulfil their information security obligations are therefore advised to act sooner rather than later. Implementing an information security management system (ISMS), as described in the international best-practice standard ISO 27001, is the sensible option.
An ISO 27001-compliant ISMS provides a risk-based approach to information security that can be applied throughout the supply chain. Once your own ISMS has been certified to the Standard, you are in a position to require certification (or equivalent, independently assessed assurance) from third-party contractors and suppliers as a condition of contract. In addition, the external validation offered by ISO 27001 certification is likely to improve your organisation’s cyber security posture and gives customers and stakeholders a higher level of confidence – essential for securing certain global and government contracts – as well as helping you demonstrate that you are meeting legal and regulatory obligations.
ISO 27001 implementation resources
IT Governance has led hundreds of ISO 27001 implementation projects around the world. Our ISO 27001 Packaged Solutions provide fixed-price implementation resources and implementation guidance for all European organisations.
The ISO 27001 Get A Lot Of Help package is by far the most popular, combining a comprehensive mix of core ISO 27001 standards and implementation guidance with key implementation tools, attendance at our Live Online masterclasses, and our unique Mentor and Coach service – all at a fixed price.