The GDPR places data protection considerations at the forefront of your organisational processes. It increases transparency over how companies gather, process and use personal data with the aim of safeguarding the data of individuals throughout the EU – regardless of where it is stored.
After coming into force on 25 May 2018, the GDPR does not currently mandate third-party certification. However, there is alignment between the requirements of ISO 27001 and the GDPR in terms of how organisations should manage their information security policies, controls and processes. Achieving certification to ISO/IEC 27001:2013 demonstrates a commitment to meeting the requirements of the GDPR – demonstrating both compliance and accountability.
Benefits of GDPR
Compliance with the new regulation ensures organisations follow more transparent, customer-centric operations, establishing consumer trust and confidence. Regulators are not likely to look favourably on organisations that have made no effort to comply with the GDPR. The maximum fine for non-compliance – for example using personal data without consent or failing to protect personal data – is up to 20 million EUR or 4% of global turnover for the previous year – whichever is greater.
The GDPR encourages simplified processes that help your employees respect an individual’s right to privacy.
Data protection by design
Promoting data protection from the outset of any project addresses issues early on, guaranteeing regulatory compliance.
Need help with GDPR?
LRQA recognises that every organisation is unique: the impact of the new General Data Protection Regulation will depend upon the complexity of your setup and the maturity of your management systems.
LRQA provides a range of services in the information security and data protection arena, offering both training and assessment to help your organisation adapt.
While GDPR does not mandate certification, LRQA offers a range of training and assessment services that support compliance with the new regulation, including:
- Data Protection Officer (DPO) Training: Helping DPO’s prepare for the responsibilities of a newly-created role.
- GDPR Gap Analysis
- Data Mapping and Classification
- Data Protection Impact Assessment (DPIA) or DPIA training so you can conduct an in-house assessment
- GDPR Controls Assessment and Attestation
- Training, Gap Analysis and Certification for ISO 27001 (Information Security Management), ISO 22301 (Societal Security – Business Continuity Management Systems) and BS 10012 (Personal Information Management System).
Why work with us?
Our assessors are skilled professionals whose objective view gives you confidence in security measures that align with industry best practice. They work with high-profile clients in the finance, telecoms, software, internet, consultancy, justice and government sectors to deliver comprehensive, consistent and impartial assessments.
LRQA's technical specialists have sector-specific information security and IT experience. They have been at the forefront of international standards development for decades, alongside ongoing involvement in ISMS assessment, certification and training.
We maintain our impartiality by proactively managing conflicts of interest across all LRQA businesses including those which may exist between consultancy and third-party certification services. Click here to learn more.
Who we work with
We help businesses across dozens of sectors push forward and achieve like never before. How can we help you?
Helping NGO, Terre de Hommes, help children globally.
Helping Terre de Hommes help children globally. Certification to ISO 9001:2015 redesigns the NGO’s operating structure. Read more in our case study.