Can ISO 27001 help with GDPR?

8 Feb, 2018

Here we explore whether ISO 27001 Information Security Management System can help your business with GDPR compliance.

The deadline for the EU General Data Protection Regulation (GDPR) is fast approaching, with the 25th May now being just over 3 months away. A question that we get asked a lot is "does having ISO 27001 mean that I am compliant with GDPR?"

Any information that your company holds is an asset to your business and therefore needs to be protected. Even more so, with potential fines for failing to comply with GDPR reaching up to 20 million euros or 4% of the group's worldwide turnover (whichever is the greater) against both data controllers and data processors, businesses need to ensure they are doing everything they can to protect data.

The UK Government's 2017 Cyber Security Breaches Survey reported that virtually all UK businesses covered by the survey are exposed to cyber security risks, and approximately 61% of these businesses hold personal data of employees and customers electronically. The survey also found that 46% of all UK businesses identified at least one security breach or attack in a 12 month period, with these breaches often resulting in a financial loss.

Those businesses that have already implemented the ISO 27001 standard are already halfway there in ensuring they are compliant with the new regulation. The standard will help your company coordinate all of your security efforts, both electronic and physical, coherently, cost effectively and with consistency. The processes within ISO 27001 are good practice for complying with GDPR, such as the disposal of media, physical transfer of media, security of equipment and assets off-premises and a clear desk/clear screen policy. There are many other benefits to this standard, including:

Benefits to you

  • Cost reductions due to avoiding incidents
  • Smoother running of operations as responsibilities and processes are clearly defined
  • Improved business image in the marketplace – customers have peace of mind that the company is trustworthy

Benefits to your customers

  • Working with a trustworthy provider helps maintain the company's own integrity in safeguarding its data
  • It instils confidence further down the supply chain resulting in stronger client/supplier relationships
  • Having appropriate access controls in place lowers the risk of accidental exposure to employees of confidential/sensitive information

Benefits to your staff

  • Reassurance that their employer is meeting data handling security guidelines
  • Roles and responsibilities are clearly and precisely defined, which increases job satisfaction and productivity.

So whilst having ISO 27001 does not automatically make you compliant with GDPR, it certainly puts the foundations, and more, in place to help you with compliance.

How can ISO Quality Services help?

Whether you are looking to get certified or just require training on information security or GDPR, ISO Quality Services are here to help!

I would like to get certified

Any business of any size, in any given sector, can be certified to ISO 27001, with the whole process taking only 6-8 weeks. The start of the process is an initial assessment by one of our expert auditors. This involves a gap analysis, identifying areas of non-compliance, recommending areas of improvement to meet the requirements and gathering information to compile documentation. Once you are certified, we then work with you to implement the standard. A six-monthly review from our expert auditor helps you stay on track with implementation, whilst an annual recertification audit helps make sure that you are keeping up with your standards. More information on this certification, including how to be certified, can be found here.

I would like to attend a training event

We offer a variety of training courses, including information security and GDPR. A list of our upcoming training events can be found here.

Alternatively, if you wish to discuss your requirements with a member of our team, we can be contacted on 01905 670303 or email info@isoqsltd.com.

Sources:
https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2017

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the internationally recognised ISO and BS EN Management Standards.

Do you want to get ahead of your competition? Win more tenders or save time and money on recurring issues? Contact us today on 0330 058 5551 or email info@isoqsltd.com.

Alternatively, you can request a quote by filling out our enquiry form and a member of our team will be in touch shortly.
