ISO 27001 and GDPR

Have you ever thought about the serious financial consequences in the case of a data breach? Have you ever thought what a lack of information security would mean to your business? What about if confidential and personal data were made public?
In a significant number of companies, Information Security is a low priority, however there can be serious consequences if not managed correctly. It is a legal requirement to manage personal data.

Information security and privacy legislation are related concepts which go hand in hand. Information security protects all kinds of data not only personal data. In turn, the privacy legislation regulates the management of personal data and information. The most important piece of privacy legislation is General Data Protection Regulation (GDPR).

As the need for data privacy increases, an Information Security Management System in accordance with the ISO 27001 standard can protect an organisation and minimise reputational risk.

ISO 27001 can be integrated and audited alongside BS 10012 the personal information management standard.

The GDPR applies to all-sizes and all types of companies. It ranges from a tiny bakery to a giant global group. The GDPR, which has been mandatory since May 2018, is about reshaping how companies manage and deal with data and information. Non-conforming companies may be faced with expensive penalties.

The main aim of the GDPR is to protect against serious data breaches and to harmonise data privacy laws within the entire EU. The legislation covers the whole workforce. In order to comply with the privacy law it is important to create awareness not only among the business’ management but also among the entire staff.

Tracing the type and purpose of the information that your business processes is of major importance, it must ensure that it does request invariably necessary data/information and it must ensure to store the data/information just as long as needed.

Here you can find the GDPR regulation.
GDPR information and FAQs that apply particular to the UK can be found here.

• How can I be sure that my business is in accordance with data protection legislation?
• How to set up an Information Security Policy?
• What can ISO 27001 contribute to Information Security?