THE GENERAL DATA PROTECTION REGULATION

The  GDPR places data protection considerations at the forefront of your organisational processes. It increases transparency over how companies gather, process and use personal data with the aim of safeguarding the data of individuals throughout the EU – regardless of where it is stored.

After coming into force on 25 May 2018, the GDPR does not currently mandate third-party certification. However, there is alignment between the requirements of ISO 27001 and the GDPR in terms of how organisations should manage their information security policies, controls and processes. Achieving certification to ISO/IEC 27001:2013 demonstrates a commitment to meeting the requirements of the GDPR – demonstrating both compliance and accountability.

Build trust

Compliance with the new regulation ensures organisations follow more transparent, customer-centric operations, establishing consumer trust and confidence. Regulators are not likely to look favourably on organisations that have made no effort to comply with the GDPR. The maximum fine for non-compliance – for example using personal data without consent or failing to protect personal data – is up to 20 million EUR or 4% of global turnover for the previous year – whichever is greater. 

Streamline processes

The GDPR encourages simplified processes that help your employees respect an individual’s right to privacy.

Data protection by design

Promoting data protection from the outset of any project addresses issues early on, guaranteeing regulatory compliance.

LRQA recognises that every organisation is unique: the impact of the new General Data Protection Regulation will depend upon the complexity of your setup and the maturity of your management systems.

LRQA provides a range of services in the information security and data protection arena, offering both training and assessment to help your organisation adapt.

While GDPR does not mandate certification, LRQA offers a range of training and assessment services that support compliance with the new regulation, including:

• GDPR Briefing: An introduction to the core principles and concepts of GDPR.
• GDPR Foundation: Explaining the implications of GDPR for your organisation and the steps to become compliant.
• Data Protection Officer (DPO) Training: Helping DPO’s prepare for the responsibilities of a newly-created role.
• GDPR Gap Analysis
• Data Mapping and Classification
• Data Protection Impact Assessment (DPIA) or DPIA training so you can conduct an in-house assessment
• GDPR Controls Assessment and Attestation
• eLearning modules in data protection and information security onboarding
• Training, Gap Analysis and Certification for ISO 27001 (Information Security Management), ISO 22301 (Societal Security – Business Continuity Management Systems) and BS 10012 (Personal Information Management System.

Highly qualified

Our assessors are skilled professionals whose objective view gives you confidence in security measures that align with industry best practice. They work with high-profile clients in the finance, telecoms, software, internet, consultancy, justice and government sectors to deliver comprehensive, consistent and impartial assessments.

Technical expertise

LRQA's technical specialists have sector-specific information security and IT experience. They have been at the forefront of international standards development for decades, alongside ongoing involvement in ISMS assessment, certification and training.

Your business helps LRQA to help others

The profits we generate fund the LRQA Foundation, a charity which supports science and engineering-related research, education and public engagement around everything we do. All of this helps us stand by the purpose that drives us every single day: Working together for a safer world.

We maintain our impartiality by proactively managing conflicts of interest across all LRQA businesses including those which may exist between consultancy and third-party certification services. Click here to learn more.