Prepare for & practice the requirements of EU GDPR

ISMS.online offers a great way to prepare for the EU General Data Protection Regulations (GDPR). They are coming into force in May 2018 and forward-thinking organisations are preparing now.

It just got easier with ISMS.online. We have made it easy to follow practices recommended by the Information Commissioner's Office (ICO) and quickly adapt them to meet your local needs too.

Not only does the platform offer a great place to prepare for the regulations, you can also practice many of the EU GDPR ongoing requirements easily with our applicable models, tools and frameworks. This includes awareness building, information audits, subject access requests, privacy by design, privacy impact assessments and data breach management.

You also need to meet the Article requirements for security of personal data, so achieving compliance by following ISO 27001 is a great way to evidence that. We have also made it very easy and affordable to do so.


Prepare for EU GDPR and demonstrate accountability

  • Save time and hassle by loading a prebuilt 12 steps framework, as suggested by the ICO, in just seconds

  • Use collaborative areas to work better together with colleagues on addressing the 12 steps with tasks, discussions, document management and notes recording

  • Demonstrate your accountability with effective audit trails, governance and compliance embedded in the way you work

  • Integrate your 12 Steps with other EU GDPR and information security related work quickly and easily

  • Use the project planning and action management capability to assign actions, owners, deadlines and see progress

  • Drive out cost, waste and risk to focus on exactly what you need to do for success and plan your priority investments 


Practice key parts of EU GDPR

From the ICO 12 steps you can practice many of the requirements with ISMS.online. These include:

Step 1: Awareness - Engage easily with collaborative communication tools to inform, consult and task

Step 2: Information you hold - Conduct information audits using project frameworks and collaboration tools

Step 3: Communicating privacy information - Develop & manage privacy policies internally prior to releasing publicly

Step 4: Individuals' rights - Develop & manage your procedures* 

Step 5: Subject access requests - Develop & manage your policies, and track all the work going on

Step 6: Legal basis for processing personal data - Document & demonstrate the basis for processing the data types*

Step 7: Consent - Develop & manage your policies and procedures* 

Step 8: Children - Develop & manage your policies and procedures* 

Step 9: Data breaches - Develop and manage your policies, track and manage data (and wider) security incidents

Step 10: Data protection by design and data protection impact assessments - Ensure privacy by design by following pre-configured models, tools and frameworks; undertake privacy impact screening and assessment; identify and address informational, physical and legislative privacy risks; map and manage stakeholders' needs and consult as required.

Step 11: Data Protection Officers (DPO) - Designate and equip your DPO and their colleagues with the tools needed for success. Capture and manage the DPO contacts in your data processing suppliers alongside their specific contracts.

Step 12: International - Collaborate elegantly to align practices across jurisdictions that could be impacted by multiple supervisory authorities or a lead supervisory authority.

*ISMS.online addresses the strategic information security management system requirements. For these steps you will use your own personal data management systems (e.g. a customer record database) to implement the policies and procedures for each personal record you hold.

You also need a strong posture for demonstrating* security of personal data by controllers and processors. Easily embed and integrate ISO 27001 practices internally and throughout your supply chain by using ISMS.online.

*The regulations suggest that 'approved' certifications will be announced. Complying with ISO 27001:2013 is good for now. Holding an independently accredited certificate will be even better for demonstrating your security posture to powerful customers and interested parties in future.

The ISMS was very good before; now it is even better
— UKAS Certified Auditor: September 2015

Enjoy these benefits...

  • Win new or defend existing business - easily demonstrate an integrated ISMS to customers & prospects to earn their trust

  • Lower the total cost of delivering and managing the ISMS in life, with powerful insights, reports and management time savings

  • Flex your ISMS as you change and grow 

  • Simply create then easily manage your policies and controls to run the business in line with your culture and values

  • Service delivered by an ISO 27001:2013 UKAS accredited organisation, platform and datacentre - a trusted system

  • Focus staff on the work, not how it gets done - free them to deliver business goals 

  • Faster time to certification and new accreditations - with preconfigured tools, frameworks and relevant policies

  • More effectively engage your staff and supply chain - better collaboration and easier use means lower cost and risk

  • Lower the threat of information security breach costs and consequences

  • Work on your mobile, your tablet and desktop, when and where you want


See how to prepare for EU GDPR and practice aspects of it quickly and easily right now