THE GENERAL DATA PROTECTION REGULATION

The  GDPR places data protection considerations at the forefront of your organisational processes. It increases transparency over how companies gather, process and use personal data with the aim of safeguarding the data of individuals throughout the EU – regardless of where it is stored.

After coming into force on 25 May 2018, the GDPR does not currently mandate third-party certification. However, there is alignment between the requirements of ISO 27001 and the GDPR in terms of how organisations should manage their information security policies, controls and processes. Achieving certification to ISO/IEC 27001:2013 demonstrates a commitment to meeting the requirements of the GDPR – demonstrating both compliance and accountability.

Build trust

Compliance with the new regulation ensures organisations follow more transparent, customer-centric operations, establishing consumer trust and confidence. Regulators are not likely to look favourably on organisations that have made no effort to comply with the GDPR. The maximum fine for non-compliance – for example using personal data without consent or failing to protect personal data – is up to 20 million EUR or 4% of global turnover for the previous year – whichever is greater. 

Streamline processes

The GDPR encourages simplified processes that help your employees respect an individual’s right to privacy.

Data protection by design

Promoting data protection from the outset of any project addresses issues early on, guaranteeing regulatory compliance.

LRQA recognises that every organisation is unique: the impact of the new General Data Protection Regulation will depend upon the complexity of your setup and the maturity of your management systems.

LRQA provides a range of services in the information security and data protection arena, offering both training and assessment to help your organisation adapt.

While GDPR does not mandate certification, LRQA offers a range of assessment services that support compliance with the new regulation, including:

• GDPR Gap Analysis
• Data Mapping and Classification
• GDPR Controls Assessment and Attestation
• Training, Gap Analysis and Certification for ISO 27001 (Information Security Management), ISO 22301 (Societal Security – Business Continuity Management Systems) and BS 10012 (Personal Information Management System).

Highly qualified

Our assessors are skilled professionals whose objective view gives you confidence in security measures that align with industry best practice. They work with high-profile clients in the finance, telecoms, software, internet, consultancy, justice and government sectors to deliver comprehensive, consistent and impartial assessments.

Technical expertise

LRQA’s technical specialists have sector-specific information security and IT experience. They have been at the forefront of international standards development for decades, alongside ongoing involvement in ISMS assessment, certification and training.