Coming into effect on 25 May 2018, the EU General Data Protection Regulation (GDPR) will supersede all EU member states’ current national data protection laws, bringing a standardised approach to data protection throughout the EU. The Regulation also brings with it a new suite of enforcement powers for supervisory authorities throughout Europe to penalise companies that are found to be non-compliant, with fines of up to 4% of annual global turnover or €20 million, whichever is greater.
Several supervisory authorities have already highlighted ISO 27001 as a model of best practice that will provide good evidence of intent and effort to comply with the GDPR.
What is ISO 27001?
ISO/IEC 27001:2013 is the international standard that describes best practice for an ISMS (information security management system). Achieving accredited certification to ISO 27001 demonstrates that your company is following information security best practice, and delivers an independent, expert assessment of whether your data is adequately protected. ISO 27001 is supported by its code of practice for information security management, ISO/IEC 27002:2013.
How can ISO 27001 help with GDPR compliance?
Having an ISMS certified by an accredited certification body is concrete evidence that an organisation is in a strong place with regard to GDPR compliance. This is the benefit of third-party validation, and is why ISO 27001 is highly regarded as superior to self-certification schemes.
ISO 27001 not only addresses the need to comply with legislation through a systematic set of policies and processes, it also offers a reference set of controls. These controls, while they may not be exhaustive, can be readily leveraged to provide appropriate “technical and organisational measures”, as required by the GDPR.
How can you become ISO 27001 compliant?
ISO 27001 certification requires organisations to prove their compliance with the Standard with appropriate documentation, which can run to thousands of pages for more complex businesses. With this toolkit, you will have all the direction and tools at hand to streamline your project. Designed and developed by expert ISO 27001 practitioners, and enhanced by over ten years of customer feedback and continual improvement, this ISO 27001 toolkit provides all of the information security management system (ISMS) documents you need in order to comply with the Standard.
These toolkits integrate with one another, reducing duplication, and saving on the time and costs of your GDPR and ISO 27001 projects.
Drawing on 10 years of practitioner-led development, we have successfully supported best-practice implementation and certification for thousands of organisations worldwide that have used our pre-written templates.