EU GDPR hails a new era of data protection where tick-box compliance is replaced by understanding and accountability.
Back in January Elizabeth Denham, the UK , delivered a speech on GDPR and accountability to the Institute of Chartered Accountants.
The message was clear:
“The new legislation creates an onus on companies to understand the risks that they create for others, and to mitigate those risks. It’s about moving away from seeing the law as a box ticking exercise, and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation.”
Elizabeth Denham, UK
The GDPR regulation replaces the current in only 10 months’ time. It focuses on you as a controller of (PII) related to customers, sales prospects, and personnel. It also focuses on you as a processor of others’ valuable .
The enormity of GDPR and its implications for businesses of all sizes is just beginning to hit home for many.
But why is that?
Because you can’t have without protection and you can’t have protection without information security. Deeper than that, the GDPR requirements span processes, people and technology, cutting across the entire organisation and requiring a cultural sea change, or indeed ‘C’-change, for many.
But where to start with GDPR?
Whilst Denham refers to frameworks, mitigating risks and creating cultures, there is currently no recognised GDPR ‘framework’ to follow or indeed a certification that can demonstrate to regulators and customers that you are compliant.
The benefit of following a framework is that the proven structure has already been defined, saving an enormous amount of time. And, with time running out, why build a framework when there is already something that will get you a significant way there?
Some quote NIST Cyber Security and Cyber Essentials as useful approaches. Unfortunately, they are not in themselves adequate for meeting regulatory requirements around information security for GDPR.
ISO 27001 and GDPR
However, ISO 27001 does satisfy many of the GDPR requirements and is an over-arching Information Security Management System (ISMS) governance framework. It’s also the internationally recognised best practice ISMS framework, the only one to cover process, people and technology in the mitigation of risks surrounding all valuable information assets, for example IP and financials, and not just PII.
In usingyou can turn your GDPR challenge into an opportunity.
Taking your organisation from purely meeting the regulatory requirements to demonstrating an externally accredited ISMS requires just a little more effort. However, it will deliver greater organisational benefits in terms of new business opportunities, strengthened data and information security throughout your own organisation and that of your supply chain and, ultimately, reduced risks.
Are you ready to demonstrate GDPR compliance? The good news is there’s still time!
By May 2018 organisations must be able to demonstrate compliance with GDPR or risk not only costly breaches, but regulatory investigations and a far more punitive application of fines.
The UK Office is helping organisations prepare for GDPR with a set of simple self-assessment toolkits to gauge readiness for GDPR in terms of data protection, information security and management of records.
Regulators will be looking to see that you have understood and managed the data risks, have documented procedures in place, and have full staff awareness and engagement in data.
Using ISMS.online you can accelerate your GDPR preparation to meet the pending deadlines.
With ISMS.online you can:
follow frameworks to prepare for GDPR, collaborating across teams to achieve your goals
use online tools for Risk and Incident management, Privacy Impact Assessments, and Subject Access Requests
evidence staff communications and training for data privacy and information security
use the foundations of ISO 27001 to demonstrate you meet the security requirements of GDPR.