The Information Commissioner’s Office (ICO) today announced an open consultation on certain draft guidance relating to elements of the General Data Protection Regulation (GDPR).
The main focus of the ICO's consultation is contracts and liabilities between data controllers and processors. Principle 7 of the current Data Protection Act already contains a requirement relating to security measures. In the draft guidance on the GDPR, however, the regulation requires much more detail when it comes to contracts. When writing contracts, organisations will be required to aim to set high standards, as well as protect the interests of their data subjects.
These contracts relate directly to the data processors that are employed to handle your data, as well as to cases where those processors then employ another processor to work on their behalf.
A data processor is generally considered to be a third party that processes personal data for another organisation. The responsibilities and liabilities of the data processor are given new consideration in the GDPR, relating to the payment of damages and fines in the event of a breach.
You have until 10 October to submit your views in the ICO's open consultation, which will be published late 2017. So what do you think about the proposed guidance? Do you see it affecting you and your organisation?