The General Data Protection Regulation (GDPR) harmonises data protection law across the EU and protects the personal data of individuals in the EU, whatever their nationality. It replaces the Data Protection Directive (95/46/EC) of 1995 and is intended to protect individuals from privacy and data breaches in a data-driven world that is vastly different from the one in which the Directive was written. It explicitly promotes accountability and transparency: organisations are expected to implement comprehensive but proportionate measures and to be able to show that they have done so.
Who does it apply to?
If you are established in the EU, or you process personal data of individuals in the EU in the context of offering them goods or services or monitoring their behaviour, you will need to comply with the Regulation, regardless of where your organisation is based. The GDPR applies to and places specific legal obligations on ‘controllers’ (those who determine how and why personal data is processed) and ‘processors’ (those who process personal data on a controller’s behalf). Processors carry direct obligations of their own under the GDPR, such as security and breach notification, rather than being bound only through their contract with the controller.
What information does the GDPR apply to?
Any information relating to an identified or identifiable natural person (the ‘data subject’), that is, anyone who can be identified directly or indirectly from the data. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, location data or a computer IP address. Some of these, such as medical information, are ‘special categories’ of personal data and attract additional restrictions.
Are you ready for GDPR?
From 25 May 2018 the General Data Protection Regulation (GDPR) applies across the EU and replaces the current Data Protection Directive. Being a Regulation rather than a Directive, it applies directly in every member state without needing national implementing legislation. From that date, any company found non-compliant faces heavy penalties: administrative fines of up to €20 million or 4% of annual worldwide turnover, whichever is higher, for the most serious infringements.
How can I demonstrate that I comply?
There are different ways in which you can demonstrate compliance; certification is a good mechanism to show commitment and that your business processes are robust.
Certification is now a formal feature of the GDPR. The Regulation (Articles 42 and 43) provides for certification mechanisms, seals and marks issued by accredited certification bodies as a way of demonstrating that your processing complies with its requirements. Two caveats apply: certification does not reduce the controller’s or processor’s own responsibility for compliance, and a general information security certification such as ISO 27001 is not in itself a GDPR certification under Article 42, although it is strong evidence that you have the ‘appropriate technical and organisational measures’ the Regulation requires.
ISO 27001 Information Security Management
ISO 27001 is the international best practice standard for information security. ISO 27001:2013, the current version of the standard, sets out standardised requirements for an information security management system (ISMS): a risk-based framework in which the organisation identifies its information assets, assesses the risks to them, and selects, implements and reviews controls accordingly. The standard is suitable for any organisation, large or small, in any sector, and is especially relevant where the protection of information is critical, such as in the banking, financial, health, public and IT sectors. It is also highly applicable to organisations that manage large volumes of data or information on behalf of others, such as data centres and IT outsourcing companies, which are typically ‘processors’ under the GDPR.
Exova BM TRADA
Exova BM TRADA is a UKAS accredited certification body (No. 0012) offering ISO 27001 Information Security Management certification.