Can ISO 27001 help with GDPR?

8 Feb, 2018

The deadline for the EU General Data Protection Regulations (GDPR) is fast approaching, with the 25^th May now being just over 3 months away.  A question that we get asked a lot is “does having ISO 27001 mean that I am compliant with GDPR?”  Here we explore whether ISO 27001 Information Security Management System can help your business with GDPR compliance.

Any information that your company holds is an asset to your business and therefore needs to be protected. Even more so, with potential fines for failing to comply with GDPR reaching up to 20 million euros or 4% of the group worldwide turnover (whichever is the greater) against both data controllers and data processors, businesses need to ensure they are doing everything they can to protect data.

The UK Governments 2017 Cyber Security Breaches Survey reported that virtually all UK businesses who were covered by the survey are exposed to cyber security risks and approximately 61% of these businesses hold personal data of employees and customers electronically. The survey also found that 46% of all UK businesses identified at least one security breach or attack in a 12 month period, with these breaches often resulting in a financial loss.

Those businesses who have already implemented the ISO 27001 standard are already half way there in ensuring they are compliant with the new regulations. The standard will help your company coordinate all of your security efforts both electronically and physically, coherently, cost effectively and with consistency.  The processes within ISO 27001 are great best practice for complying with GDPR, such as the disposal of media, physical transfer of media, security of equipment and assets off-premises and clear desk/screen policy. There are many other benefits to this standard to include:

Benefits to you

• Cost reductions due to avoiding incidents
• Smoother running of operations as responsibilities and processes are clearly defined
• Improved business image in the marketplace – customers have peace of mind that the company is trustworthy

Benefits to your customers

• Working with a trustworthy provider maintains the company’s own integrity to the safeguarding of its data
• It instils confidence further down the supply chain resulting in stronger client/supplier relationships
• Having appropriate access controls in place lowers the risk of accidental exposure to employees of confidential/sensitive information

Benefits to your staff

• Reassurance that their employer is meeting data handling security guidelines
• Defines clearly and precisely roles and responsibilities therefore job satisfaction and productivity is increased.

So whilst having ISO 27001 does not automatically make you compliant with GDPR, it is certainly putting the foundations and more in place to help you with compliance.

How can ISO Quality Services help?

Whether you are looking to get certified or just require training on information security or GDPR, ISO Quality Services are here to help!

I would like to get certified

Any business of any size, in any given sector can be certificated to ISO 27001, with the whole process taking only 6-8 weeks. The start of the process is an initial assessment by one our expert auditors. This process involves a gap analysis, identifying areas on non-compliance, recommending areas of improvement to meet the requirements and gathering of information to compile documentation.  Once you are certified, we then work with you to implement the standard.  A six monthly review from our expert auditor helps you stay on track with implementation whilst an annual recertification audit helps make sure that you are keeping up with your standards. More information on this certification, including how to be certified can be found here.

I would like to attend a training event

We offer a variety of training courses to include information security and GDPR. A list of our upcoming training events can be found here.

Alternatively, if you wish to discuss your requirements with a member of our team, we can be contacted on 01905 670303 or email info@isoqsltd.com.

Sources:
https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2017