Cork Roadshow Roundup

The Certification Europe Roadshow packed its bags last week and headed south-west to Co. Cork on the second stop of the ISO 27001 Roadshow INFOSEC vs GDPR. The venue for our second seminar was the Clayton Hotel located just off the River Lee.

The line-up consisted of Michael Brophy (CEO of Certification Europe) and Brian Honan (BH Consulting), with special guest speaker Sean Griffin of Poppulo (formerly Newsweaver).

Brian Honan kicked off the seminar discussing the four-letter abbreviation that is having many organisations break into a cold sweat – GDPR, the General Data Protection Regulation.


Brian began his talk explaining how the new regulation is more stringent on consent and that users have more control over their data. Consent from the user must be clear and the user must know exactly what they are signing up for. Organisations must provide a clear definition around what they will be doing with the data. Users will now have the right to be forgotten and have the option to edit their data. Now obviously there are exceptions to this rule; you cannot tell the Revenue Commissioner to forget you exist, but you can contact your bank and they must edit your information if it is found to be out of date or non-relevant. From May 25th, if an individual contacts your company requesting to see the data you have on them, you must respond within 30 days of initial contact.


Financial Cost

Brian went on to add that the repercussions of a data breach are not just from the regulator but can come from individuals themselves. Brian said, “Data protection is not just a company issue but a personal issue”. Under GDPR users can sue organisations over a data breach based on the “stress and concern” the breach has caused them. Users will also have the legal right to sue the individual from within the company who caused the breach in the first place. It will then be up to the organisation or individual, depending on the case, to prove the GDPR regulations were in place and upheld to the best of their ability.

Take Action

This led into what organisations can do to prepare for this situation. The key is to put systems and procedures in place to show you’re demonstrating compliance with GDPR. The most common reason for a data breach is not a sophisticated hack, but human error from an individual within your organisation or supply chain. One of the most important steps your organisation can take in its journey to GDPR is training. Awareness of possible threats and pre-empting them are key. Training everyone in your organisation from the top down can make the difference in preventing a breach.


Poppulo Journey

Our guest speaker for the Cork event was Sean Griffin from Poppulo (formerly Newsweaver). Sean highlighted the overlap in GDPR and ISO 27001, and how many of the measures in place make Poppulo more prepared for GDPR. Sean said, “documentation is key” for successful implementation of ISO 27001. It took Sean and his team 9 months to get ready for certification as they also had to do their “day jobs”.

Sean discussed Poppulo’s journey to ISO 27001 certification. He told the delegates how the standard is not only helping them in their journey to GDPR compliance but has also helped Poppulo grow from a team of 60 to 150 in the last three years.

Growth with ISO 27001

Sean focused on the aspect of continuous improvement, which is a huge part of ISO 27001. He explained that it allowed them to review every aspect of how they manage their data and to continuously improve systems and increase the scope of the system within Poppulo. Sean also explained how the management system helps them protect their brand by managing potential risks before they cause an issue. This has been a key factor in their growth over the last three years, in which they increased from a team of 60 to 150 in 36 months.

Sean explained that not only do you need to review your own systems, but you must contact any organisations that you outsource to and ensure they are also protecting the data they have available to the same standards you set. Poppulo is now turning away suppliers they believe are not up to their standard of data management, which could damage their brand. This awareness was only possible from the implementation journey they have taken with ISO 27001.

Common Misconceptions

Sean’s final point was about the audit process: never think the auditor is out to get you. This brought us nicely to the finale of the seminar, Michael Brophy, CEO of Certification Europe. Michael spoke about common misconceptions about ISO 27001. He focused on the flexibility of ISO 27001 and how it can adapt to suit the needs of an organisation.

For many in the room that morning, it was clear the takeaway was how ISO 27001 can help them in complying with GDPR over the next 9 months. Michael stressed that organisations do not need to implement the information security standard across the entire company at once, but can start with an analysis of key data assets and then move from there.

People and Technology

Human error from a member of staff is the most common reason for a data breach. An ISMS such as ISO 27001 brings people and technology in line with the aim of reducing risk and enforcing compliance. It is not automated software that you run to keep everything safe. Michael explained that organisations are using ISO 27001 as a method to bring awareness to all members of staff, from the top down, of the dangers of a breach and also how to deal with a data breach if one occurs. GDPR is about ensuring that data controllers are doing everything possible not only to protect users’ data but also to ensure data is not being misused.


The seminar concluded with a lively Q&A session with questions about GDPR, the Data Protection Officer and ISO 27001. For many in the room that morning it was clear the takeaway was how ISO 27001 can help them in complying with GDPR over the next 9 months and that protecting data from hacks is not the only threat to your brand. Training and awareness of staff are crucial to a secure system.

If you missed our first two seminars there is still time to register for our Athlone and Belfast events taking place November 9th & 16th respectively.


Venue: Radisson Blu Hotel Athlone, Northgate Street, Co. Westmeath.


Venue: Merchant Hotel,
16 Skipper St, Belfast BT1 2DZ, UK


If you wish to learn more about ISO 27001 you can join our mailing list here, or if you wish you can speak to one of our advisors about ISO 27001 and GDPR.


Robert Lyons