The General Data Protection Regulation (GDPR) document runs to several hundred pages. A large document to read and analyse, as a business you need a consultancy that can decipher what is required for your business to be compliant – and in time for the end of May 2018.
The good news that the GDPR document mentions not just once, but several times is ISO 27001. There is no denying that this standard provides an excellent starting point for achieving both the technical and operational requirements to prevent a data breach under GDPR, an instance of which could cost you dearly.
New Year Tactics
With the New Year on the doorstep and the GDPR deadline looming, we can help you reach compliance and with ISO 27001 under your belt, you are more than halfway there.
#1 Adopt appropriate policies
GDPR states clearly that an organisation must adopt “appropriate policies, procedures and processes to protect personal data that they hold”.
Article 32 requires that you need to:
- Take effective steps to encrypt or pseudonymise personal data
- Ensure ongoing integrity, confidentiality, availability and resilience of processing systems
- It also states you need to restore access and availability of personal data as soon as possible after any breach
- It also requires your organisation to regularly test, assess and evaluate security measures you use to protect data
If your organisation carries the current ISO 27001, your quality management system should be relatively complaint with these four requirements of Article 32. However, it is essential that you check and do not rely on ISO 27001 as being the basis of your compliance.
Tactic – consider an independent audit via Synergos Consultancy to test your current ISO 27001 compliant status against every aspect of GDPR.
#2 Data Breaches
It can, it does, and it has happened. From a disgruntled employee releasing data such as in the case of Morrisons or outside agencies gaining access to customer data as seen across many organisations and businesses, you need to be confident you have everything in place possible to prevent a data breach.
GDPR states in Article 32 that businesses and organisations should take notice of best practice when it comes to data security measures and control.
Tactic – consider gaining ISO 27001 as part of GDPR compliance process.
Data breaches once GDPR is in force will bring about significant financial impact on an organisation in the shape of fines. As an organisation, you need to think tactically about how to reduce the possibility of a data breach.
Finding where data is kept, identifying the risk, taking appropriate measures, implement policies and control, conduct regular tests and audits, review policies regularly and implement a robust quality management system.
Is ISO 27001 Enough?
It would be easy to fall into the trap that with ISO 27001 under your belt that it is enough to comply with GDPR.
Tactic – make contact now with Synergos and undergo an independent audit to determine what works needs to be done to reach GDPR and schedule the work so that your company is compliant by late May 2018.
How can we help you?
If you’re in need of assistance with any aspect of GDPR compliance, here at Synergos we’d be delighted to help. Whether you have questions about the path to compliance or are looking for advice and support to maintain compliance, call 01484 817 444 or Email firstname.lastname@example.org and we’ll be happy to talk it over with you.