GDPR Privacy Compliance Framework
A PCF (privacy compliance framework) provides a structure for managing personal data that an organisation can use to comply with the EU GDPR (General Data Protection Regulation).
Organisations that have not developed their own PCFs can use a standardised framework to ease their path to GDPR compliance.
Meanwhile, organisations that do have PCFs can obtain certification to national and international standards to demonstrate to supervisory authorities that due diligence and compliance efforts have been made.
Standardised compliance frameworks
The three key components of a PCF are an accountability framework, compliance with data protection principles, and management systems.
There are currently two recognised standards or frameworks that could be used as part of a PCF to demonstrate GDPR compliance: a BS 10012:2017 PIMS (personal information management system) and an ISO 27001:2013 ISMS (information security management system).
Certification to ISO 27001 demonstrates that your organisation follows information security best practice, and delivers an independent, expert assessment to determine if your data is adequately protected. Internationally recognised, it is sector-agnostic, does not favour any one technology or solution, and can be used by organisations of any size.
The ISO 27001 risk-based approach to implementing information security controls is an excellent way to meet the GDPR requirement that organisations implement appropriate technical and organisational controls to ensure the “confidentiality, integrity and availability” of processing systems and services.