Is your organisation ready for GDPR?

After four years of research and debate, on April 14th, 2016 the EU Parliament finally approved the long-awaited General Data Protection Regulation (GDPR). On May 25th, 2018 the GDPR will come into effect, at which time any noncompliant organisation will face heavy penalties and fines.

What do you need to do?

Governance and Accountability – An appropriate data management framework should be established (by senior management) to ensure compliance with regulatory requirements and to enable continual improvement. The biggest change to the regulatory landscape of data privacy is the extended jurisdiction of the GDPR: it applies to all companies processing the personal data of individuals residing in the European Union, regardless of the company’s location.

Implementing a security framework and attaining Certification is a clear way of demonstrating your compliance with GDPR.

What are your options?

Certifications are a new feature of formal EU GDPR data protection law. The Regulation expressly recognises certifications from approved and accredited certification bodies as acceptable mechanisms for demonstrating compliance. Certifications can be scalable and there are choices available, depending on the size and nature of the organisation. Certification schemes serve as useful declarations of assurance for consumers interested in engaging with commercial entities that adhere to desired principles and practices.

Certification Europe is an established authority on Information and Cyber Security frameworks and certifications. Certification Europe is an accredited certification body (accredited to ISO 17065, as stipulated in Article 43 of the GDPR) and will seek to become accredited as a data protection certification provider with the relevant national authorities as the GDPR certification programme is developed.

ISO 27001 is the information security standard

ISO 27001 Information Security Management Systems is the international best practice standard for information security. ISO 27001:2013, the current version of the standard, provides a set of standardised requirements for an information security management system (ISMS). ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect personal data; in particular, it specifies controls within ISO/IEC 27001, taking into consideration the regulatory requirements for the protection of personal data.

ISO 27001 certification is suitable for any organisation, large or small, and in any sector. The standard is especially suitable where the protection of information is critical, such as in the banking, financial, health, public and IT sectors. It is also well suited to organisations that manage high volumes of data or information on behalf of other organisations, such as data centres and IT outsourcing companies.

Cyber Essentials

Cyber Essentials (CE) is a cyber security certification scheme that offers a sound foundation of basic IT security controls that all types of organisations can implement and potentially build upon. Implementing these controls can significantly reduce an organisation's vulnerability. The scheme specifies five key areas of IT security control that can help to prevent around 80% of known cyber-attacks. Cyber Essentials is for organisations of all sizes and in all sectors, and provides businesses large and small with clarity on good basic cyber security practices.

Implementing these controls can significantly reduce an organisation's vulnerability and address core GDPR compliance concerns by adding protection and controlling access to data.

If you wish to learn more about what is required to be compliant with the GDPR, contact our team today.

Phone 01 642 9300

Robert Lyons