Is your organisation ready for GDPR?
After four years of research and debate, the EU Parliament approved the long-awaited General Data Protection Regulation (GDPR) on 14 April 2016. GDPR applies from 25 May 2018, after which non-compliant organisations face heavy penalties: administrative fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher.
What do you need to do?
Governance and Accountability – Senior management should establish an appropriate data management framework to ensure compliance with regulatory requirements and to enable continual improvement. The biggest change to the regulatory landscape of data privacy is the extended territorial scope of the GDPR: it applies to any organisation processing the personal data of individuals in the European Union, regardless of where that organisation is located.
Implementing a recognised security framework and attaining certification against it is a clear way of demonstrating the technical and organisational measures GDPR requires, although certification does not by itself reduce an organisation's responsibility for compliance (Article 42(4)).
What are your options?
Certification is a new feature of formal EU data protection law. Article 42 of the Regulation expressly recognises certifications issued by approved and accredited certification bodies as a mechanism for demonstrating compliance. Certification can be scaled to the size and nature of the organisation, so there are choices available. Certification schemes also serve as useful declarations of assurance for consumers who want to deal with commercial entities that adhere to the principles and practices they expect.
Certification Europe is an established authority on information and cyber security frameworks and certifications. Certification Europe is a certification body accredited to ISO/IEC 17065, the accreditation standard Article 43 of the GDPR stipulates for certification bodies, and will seek accreditation as a data protection certification provider with the relevant national authorities as the GDPR certification programme is developed.
ISO 27001 (Information Security Management Systems) is the international best-practice standard for information security. ISO 27001:2013, the current version of the standard, sets out standardised requirements for an information security management system (ISMS). ISO/IEC 27018:2014 builds on the ISO 27001 control set with commonly accepted control objectives, controls and guidelines for protecting personally identifiable information (PII) in public cloud services that act as PII processors, taking into consideration the regulatory requirements for the protection of personal data.
ISO 27001 certification is suitable for any organisation, large or small, in any sector. The standard is especially suitable where the protection of information is critical, such as in the banking, financial, health, public and IT sectors. It is also well suited to organisations that manage high volumes of data or information on behalf of other organisations, such as data centres and IT outsourcing companies.
Cyber Essentials (CE) is a cyber security certification scheme that provides a sound foundation of basic IT security controls which organisations of every type can implement and build upon. The scheme specifies five key areas of IT security control (boundary firewalls and internet gateways, secure configuration, user access control, malware protection and patch management) which, according to the scheme, can help prevent around 80% of common cyber-attacks. Cyber Essentials is for organisations of all sizes and in all sectors, and gives businesses large and small clarity on good basic cyber security practice.
Implementing these controls can significantly reduce an organisation's vulnerability and address core GDPR compliance concerns by protecting data and controlling access to it.
If you wish to learn more about what is required to be compliant with GDPR, contact our team today.
Phone 01 642 9300