The new regulation reinforces best practices within the DPA (Data Protection Act) and PECR (Privacy and Electronic Communications Regulations) already in force in the UK.
A major factor that has made organisations take more notice of GDPR than of the existing regulations is the significant fines that can be handed out for non-compliance:
- Up to €10 million or 2% of annual global turnover of the previous year, whichever is higher.
- Or, up to €20 million or 4% of annual turnover of the previous year, whichever is higher.
Organisations that are already certified to ISO 27001 have a head start to help them comply with GDPR.
Certification requires a robust and auditable Information Security Management System (ISMS), which provides a solid base for meeting GDPR.
The route to certification will include the implementation of a range of security and data management processes that are also relevant to GDPR compliance, including:
- Regulatory and contractual compliance.
- Risk assessment.
- Security of systems and data.
- Reporting of a breach to regulators and individuals affected.
- Management process and control.
- Data access control.
- Encryption of data.
- Continuous evaluation and improvement.
- Improved communications to employees and customers.
Compliance with ISO 27001 goes beyond the requirements of GDPR: it also covers business continuity planning in the event of an incident, improves management processes and can increase profits by:
- Carrying out risk assessments that will identify where data is held and areas that need to be improved to minimise threats to data security.
- Giving customers greater confidence, through audits, that their data is being used correctly and is in safe hands.
- Improving resilience to threats within the organisation and from external sources.
- Providing effective procedures that will help the organisation to recover following an incident.
- Improving tendering prospects for new business, particularly in the Public Sector, where compliance with certain standards is mandatory.
Call one of our team on 0121 241 2299 to discuss how ISO 27001 can help you meet your GDPR obligations.