ISO 27001 can help companies achieve compliance with the EU GDPR, says IT Governance


IT Governance, the leading supplier of cyber security and data privacy products, urges European organisations to get started now on compliance with the new EU General Data Protection Regulation (GDPR), which was formally approved by the European Parliament earlier this month.

Designed to give EU citizens better control over their personal data, the EU GDPR will apply from 25 May 2018. Organisations within the European Union, and those outside it that process EU data subjects' personal data, have only a two-year transition period to make all the necessary changes to their data privacy management practices in order to be in compliance with the new Regulation by the time it applies.

Alan Calder, the founder and executive chairman of IT Governance, says: “There’s a lot of work to do. Now is the time for organisations to start the compliance process. Decision-makers and senior management need to appreciate the potentially wide-ranging impact the new EU GDPR will have on their organisations. Companies should review their current privacy practices and put a plan in place for making all the necessary changes before the GDPR comes into force in 2018.

The GDPR requires a risk-based approach to ensure that measures are taken according to the risks affecting data held by the organisation. Non-compliance with the new Regulation may result in penalties of up to 4% of annual global revenue or €20 million, whichever is greater.

To avoid costly fines for data breaches, organisations need to take a proactive approach by undertaking a detailed data security audit against the new EU Regulation,” says Calder.

The ISO/IEC 27001 information security management system (ISMS) standard can provide an effective solution for organisations looking to demonstrate appropriate technical and organisational measures that comply with the various legal obligations in the new EU GDPR.

IT Governance’s specialist privacy consultancy team has wide-ranging expertise that can help organisations develop compliance processes that meet the requirements of the EU GDPR by 2018.

To find out more about the implications that the EU GDPR could have for your organisation, please visit IT Governance's website, contact the consultancy team directly at or call them on 00 800 48 484 484.
