ISO 27001 and the General Data Protection Regulation (GDPR)

ISO 27001 is the international standard for an information security management system (ISMS). It addresses the people, processes and technology of an organisation, and requires a framework that is designed to prevent breaches, that defines how security incidents are reported and logged, and that keeps the organisation's information security environment under ongoing review.

Under the GDPR, personal data is information that every organisation processing it must protect, and the Regulation requires appropriate technical and organisational measures to do so. An ISO 27001 ISMS gives an organisation a structured, auditable way to select, implement and evidence those measures, and so supports wider compliance with the Regulation.

Because it provides this framework for information protection, ISO 27001 is a cornerstone of GDPR compliance. It helps organisations maintain customer trust and confidence in their ability to handle personal data appropriately and securely. This paper explains how an ISO 27001 framework can help an organisation establish a solid foundation for GDPR compliance.

The new Regulation

The GDPR replaces the current data protection legislation when it comes into force on 25 May 2018. This means that the Data Protection Act 1998 (DPA) and the European Union legislation it is derived from, the Data Protection Directive, will no longer apply.

It introduces new regulatory requirements and gives individuals more control over the data that organisations hold about them. Complying with the Regulation is therefore a legal compliance exercise as well as a technical and security governance exercise.
