It is now less than a year until the EU’s General Data Protection Regulation (GDPR) moves out of its transitional phase and becomes fully implemented. Furthermore, many companies admit they are ill-prepared for the change, and one of their biggest concerns is the security of their stored data: many are unsure how they can make that stored data GDPR compliant.
What does being GDPR compliant mean?
Among the points picked out in the Information Commissioner’s Office (ICO) summary of the GDPR are that organisations must demonstrate principles of accountability and data protection, with an emphasis on minimising the amount of data held, making it transparent and treating data security as an ongoing priority. What’s more, under the GDPR, organisations will have a duty to report any breaches too.
How does ISO27001 tie in with GDPR?
The stress and financial impact of data security breaches can be kept to a minimum by adopting a proactive rather than reactive approach. Taking steps towards ISO27001 certification is an excellent way to make sure you are meeting security standards. With the GDPR formally coming into effect in May 2018, there is little time to lose in making sure you avoid any nasty surprises.
Many of the mandates of ISO27001 meet the requirements of the GDPR, such as:
– Regular and thorough risk assessment (as identified in Article 32 of the GDPR), together with ongoing steps to ensure the confidentiality and security of data.
– An active approach to network security, including the installation of anti-virus software and a vigilant guard against malware.
– A backup and disaster recovery plan to ensure that if the worst happens, data is retrievable, together with a process for reporting breaches quickly and accurately.
What if I don’t comply with GDPR?
Once GDPR takes full effect, research suggests that fines for non-compliance will become much heavier and more frequent than current ICO ones. But more damaging than any fine is the devastation that the growing problems of cyberattacks and loss of data can cause to your business. This makes a lax approach to GDPR a risk you simply can’t afford to take.
Get your stored data GDPR compliant
At Ten Ten Systems, we have ISO27001 accredited processes, giving you the peace of mind that they meet international standards and slot easily into the GDPR jigsaw. For an informal discussion on how to be GDPR compliant, ISO27001 and data security, why not get in touch or call in at our offices?
Or read our whitepaper, giving useful information on the key principles of the Regulations along with a Step-by-Step Guide to becoming compliant.