GDPR Frequently Asked Questions

22 Feb, 2018

Whilst having an ISO Standard can help with GDPR, it does not make you compliant! We have put together some FAQ’S to help you understand your options.

Does having an ISO Standard mean I’m GDPR compliant?

In a word, no.

Even having the Information Security Standard (ISO 27001) doesn’t make you fully compliant, although it helps significantly.

Although we can help you achieve compliance in three different ways (as outlined below), every business including those running internationally recognised management systems will need to take steps to review their data and update their policies and procedures.

Why is GDPR a buzzword at the moment?

GDPR is a beefed up version of Data Protection. It has been a regulation for a while but becomes legislation on the 25th May.  That’s when businesses run the risk of big fines from the ICO Information Commissioner’s Office. The potential fines for failing to comply with GDPR could reach up to €20 million or 4% of the group worldwide turnover (whichever is the greater) against both data controllers and data processors.  Whilst GDPR will apply from 25th May 2018, it is an ongoing matter that your business will need to continually comply with.

We don’t know what to do, can ISO Quality Services help?

Whilst GDPR can seem a little daunting, here at ISO Quality Services we pride ourselves on keeping it simple.  Whether you’ve been putting off your GDPR preparations or have made a start but feel you require guidance, ISO Quality Services can help in three ways:

  1. GDPR training

We offer a one-day interactive workshop that uses business scenarios to introduce the new legislation and provide an overview of the steps that businesses will need to take as dictated by law to become compliant.

By the end of the day, you’ll be able to:

  • Understand what the EU GDPR is and why the law is changing.
  • Explain what has changed from the Data Protection Act 1998 and what is expected going forward.
  • Understand what the impact of the EU GDPR means for your business.
  • Be able to formulate a plan of action.

Further information on this course can be found here.

  1. GDPR consultancy

We appreciate that every business is different and each will manage their data in different ways.  We can therefore arrange for one of our GDPR consultants to come into your business and provide one-to-one guidance tailored for your needs.

To explore this option, call us on 01905 670303 or email info@isoqsltd.com.

  1. We can help you implement ISO 27001

Businesses with ISO 27001 are already half way to achieving compliance. Certification is normally achieved in eight weeks, regardless of the business size or sector.

One of our expert auditors will carry out an initial assessment.  This process involves a gap analysis, identifying areas of non-compliance, recommending areas of improvement to meet the requirements and the gathering of information to compile documentation

Once you are certified, we work with you to ensure you stay on track. We help you monitor your progress with a six monthly review from our expert auditor and an annual recertification audit. We also provide over the phone support all year to help you keep on top of things.

More information on ISO 27001 certification can be found here.

I already have ISO 27001, do I need to worry about this?

You do, but you’ve already got an advantage in that many of the processes within ISO 27001, such as disposal of media and security of equipment, are great best practice for complying with GDPR.  If you require any help, we can arrange for one of our consultants to conduct a gap analysis to help bring you up to compliance.  Alternatively, take a look at one of our upcoming GDPR training courses.

We’re an existing client, is GDPR included in our package?

The GDPR is not a change to an international management system, it’s a fundamental shift in the way data is used and stored within your business’s operations. As such, we cannot issue an update to a manual to help you achieve GDPR compliance.

To give another example, if we help a client run a BS 18001 Health & Safety management system and new H&S legislation comes in, such as a change to manual handling, our client will still need to make operational changes to ensure compliance with the new legislation.

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the Internationally recognised ISO and BS EN Management Standards.

Do you want to get ahead of your competition? Win more tenders or save time and money on reoccurring issues? Contact us today on 0330 058 5551 or email info@isoqsltd.com.

Alternatively, you can request a quote by filling out our enquiry form and a member of our team will be in touch shortly.

Related Posts

Unleashing the Power of Online Reviews

9 Jun, 2023

Clause 9 is a critical aspect of a well-functioning management system.  The ISO 9001 Quality Management System (QMS) places a strong emphasis on customer satisfaction and the need to measure, evaluate and improve performance.  But what impact do online reviews have on your business’s performance evaluation?

Read More

Ethos Group Become a SSAFA Corporate Partner

11 Apr, 2023

When we heard the news that Ethos Group had become Corporate Partners of fellow clients SSAFA, we wanted to share the amazing work they’ve been doing for the defence and armed forces community. 

Read More

Egg-cellent Support for Worcester Foodbank

4 Apr, 2023

The ISO QSL Good Egg Awards returned once again to support Worcester Foodbank, receiving an egg-cellent response of over 150 nominations.

Read More

The Return of ISO QSL Annual Charity Golf Day!

4 Apr, 2023

We are thrilled to announce the return of our annual charity Golf Day on Tuesday 13th June at Bransford Golf Club. It’s not just a Golf Day. This event is all about raising money for Midlands Air Ambulance Charity!

Read More