Businesses need not wait for the final version of the EU General Data Protection Regulation (GDPR) before implementing appropriate measures for improved data security.
Below I have listed some important articles and pieces of information that I recommend taking the time to read if you are interested in Europe’s data protection reforms and/or you are involved in implementing effective data security in your organisation.
- Data Protection Directive (95/46/EC) – General Information
- Parliaments from 16 EU member states call for rapid adoption of the Data Protection Regulation
- Revised EU data protection in effect already, says lawyer
- Network and Information Security (NIS) Directive – General Information
- The right to be forgotten trumps Google in EU courts
- A brief summary of how the EU data protection regulations will affect your business
- How Data protection reform will affect you
If you have found the proposed GDPR requirements overwhelming and daunting you’re not alone. Many organisations throughout Europe will have to radically improve their information security management systems to comply with the new requirements, and to create a safe information framework for both customers and stakeholders.
Attaining accredited certification to ISO27001, the internationally recognised information security standard, will support your adherence to the GDPR while also making your organisation cyber secure. The controls you select will enable you to build a robust ISMS that can be adapted to meet EU data protection laws as and when they come into effect.
There is no reason for businesses to wait for the final version of the GDPR before taking action to implement appropriate measures for improved data security. According to Computer Weekly Europe: “EU data protection regulators are acting as if the regulation were already in force on key points, and there will be little excuse for being unprepared when the new law comes into force, whatever it looks like”.
ISO27001 is the only auditable international standard for information security management systems, and demands the selection of adequate and proportionate security controls. It is therefore extremely helpful in meeting regulatory and legal compliance requirements.