GDPR & ISO27001
GDPR & ISO
The General Regulation for Personal Data Protection (GDPR) entered into force on 25/5/2018, concerns all businesses processing personal data and provides for increased fines in the event of a breach. It requires by those falling under its scope “to implement the appropriate organisational and technical measures” to be able to prove that personal data are lawfully collected, processed and protected by design and by default. Purplan Management Services Ltd, has developed a business compliance program with the Regulation.
– Diagnosis of existing situation
– Data Flow Mapping
– Business Succession Planning
– Detection of deviations
– Privacy Impact Assessment
– Drafting a Compliance Plan
– Development and implementation of data and information security system
– Employee Training
Purplan has implemented quite a number of projects to support companies to comply with the General Data Protection Regulation (GDPR) and /or (if they wish to) be certified according to the ISO 27001 standard. Certification is optional but it still may serve (a) as a marketing tool towards clients and (b) as a tool that may result in avoiding a potential in site audit by the Commissioner’s office. The ISO 27001 standard stands for “Information Security Management System”. When a company manages in a secure way its information it is obvious that it manages in a secure way the personal data that it collects and processes. On the other hand, the ISO Standard provides the worldwide acceptable framework for the implementation of the Organizational and Technical measures required by the Regulation. The Cypriot Commissioner has announced GDPR compliance measures to be followed by the Organizations falling within the Scope of the GDPR; these measures are precisely following the ISO 27001 methodology. Even if Certification according to the ISO 27001 Standard is not a prerequisite in complying with the GDPR it still has a high impact to clients and the competent authority.