GDPR countdown begins

May 25th 2016 will now be known as a significant date in the history of data security in Europe. Companies across the EU now have two years (until May 25th 2018) to ensure they are compliant with the General Data Protection Regulation.

The objectives of the GDPR are to give control of personal data back to citizens and to simplify the regulations for international businesses operating with the European Union. Data protection regulation to date has been a complicated affair, primarily because each EU country has its own slightly different interpretation of it. The GDPR ends this confusion and the varying interpretations by placing all EU countries under the same regulation.

From an Irish perspective this adds security to the fastest-growing sector of the Irish economy. The digital economy contributes 5% of national GDP and is growing at approximately 20% annually. Nine of the top ten global software companies, all of the top ten global ICT companies, and the top ten “born on the Internet” companies have significant operations in Ireland. Protecting and sustaining this investment, which provides employment for over 100,000 people, is a vital priority for Ireland.

The GDPR's road to approval has been a slow one. Conversations about the GDPR began in 2012, with final approval only granted in April of this year. It is now up to companies to get in line over the next two years. This timescale gives companies more than enough time to bring themselves in line with the GDPR; however, a recent survey carried out by YouGov and Netskope revealed that only one in five companies feel they will be GDPR compliant by the deadline. Eduard Meelhuysen, VP at Netskope, said decision makers need to take a step back to get a better understanding of the current state of their data.

Another survey, by Trend Micro, revealed that 20% of UK IT decision makers are still unaware of the GDPR's existence. More shocking still, almost a third of those who did know about the GDPR either did not think the regulation was relevant to their organization or were unsure.

The figures are not much better on the mainland either. A survey carried out in the UK, France and Germany revealed that only 12% of companies surveyed felt ready for the GDPR, and 40% of French companies did not even know the GDPR existed. 68% said that meeting the GDPR's requirements would require investment in new technologies. However, whilst the financial burden of compliance will be a significant one for businesses, the burden of non-compliance looks set to be a whole lot harder to swallow. According to a report from IT Governance, companies that suffered data breaches paid fines of £52,000 on average.

The search for compliance begins

Based on these results it is clear that the next two years will be a busy time for many IT departments across Europe. For many, a good place to start will be educating yourself on what the GDPR is and then evaluating what your company needs to do to reach compliance. Once you understand what is involved, you will need to plan how you will achieve it.

To help start the process we have put together some questions you should ask yourself. It is vital that organizations understand the who, what, why, where and when of all the Personally Identifiable Information within their control.

  • Whose details do you have? The data you hold on your clients and prospects is not the only data you need to consider. Data about your staff, suppliers and any other individuals also needs to be considered.
  • What details do you have? Names and contact details are the obvious data that come to mind, but do not forget about transactions and interactions such as emails, IP addresses, website visits, etc.
  • Why do you have the data? Ask yourself why it was gathered and whether you need all of it. Why keep data that is simply not relevant to your organization?
  • When was the data gathered? Is the data still relevant since it was first procured? Does it still need to be retained?
  • Where is the data located? Establish where the data is stored and what its journey is in between. What systems does the data sit on, and how safe are they? How does it get there, and what third-party access is there?

How to achieve compliance?

The most cost-effective and least time-consuming method of achieving GDPR compliance is to adopt an information security management system that brings your company in line with the GDPR, is recognized globally, and gives your clients confidence that you take cyber security seriously and that your organization does all it can to protect their data from a possible cyber-attack.

With the GDPR coming in, data location will become an important factor, and certification to standards like ISO 27001 will become the minimum for organizations seeking GDPR compliance. To sum up: once the GDPR is in effect, being certified to ISO 27001 will help you meet its requirements and will give you an advantage over your competitors.

ISO 27001 Information Security

The best solution for meeting the GDPR's requirements, and the best possible framework for protecting your organization's data, is achieving ISO 27001 certification. By integrating a robust information security management system, your organization can ensure that its quality, safety, service and product reliability are safeguarded to the highest level.

The ISO 27001 Information Security Management System (ISMS) standard provides a framework for information security management best practice that helps organizations:

  • protect client and employee information
  • manage risks to information security effectively
  • achieve compliance
  • protect the company’s brand image

If you wish to learn more and find out how ISO 27001 can help your organization, you can join one of our training courses on how to implement ISO 27001 in your organization. The training course gives attendees an extensive overview of what it takes to be ISO 27001 certified.

Full details of our course can be found here.

Robert Lyons