The European Data Protection Directive was adopted in 1995 and updated in 2003. It aims to regulate the processing of personal data in the EU by automated as well as non-automated means.
EU Member States are obliged to implement their own data protection legislation based on the Directive’s rules and, as a result, interpretation of the Directive – and therefore European data protection legislation – varies from country to country.
The proposed General Data Protection Regulation (GDPR), which will supersede the Directive, will unify data protection legislation and enforcement across Europe when it is implemented. Organisations across Europe are advised to get ahead of the curve and address the business-critical issue of data protection now before the Regulation’s implementation in – it is estimated – late 2014.
Organisations must realise that hardware and software solutions alone are not enough to protect them from cyber threats and that a broader information security approach is needed. The three fundamental domains of effective information security are people, process and technology. Information security therefore addresses the security of data in all forms, and covers paper documents, physical security and human error as well as the handling of digital data.
ISO27001 is the internationally recognised best-practice Standard that lays out the requirements of an Information Security Management System (ISMS) and forms the backbone of every intelligent cyber security risk management strategy. Other standards, frameworks and methodologies need ISO27001 in order to deliver their specific added value.
To find out more about how ISO27001 can help your organisation improve its information security posture and comply with the forthcoming EU legislation, download our free green paper, Information Security and ISO27001.
Visit our information page for more guidance on European data protection legislation.