Leveraging ISO/IEC Data Security Standards to Prepare for GDPR
The deadline for your organization to get compliant with the EU GDPR (European Union General Data Protection Regulation) is right around the corner. Understanding where your data is today, and developing a process to manage consent and the right to be forgotten, are major initiatives that your organization will need to complete to ensure compliance. Do you understand the consent rules? Do you know which outsourcers have access to the data? Are you sure you can detect data breaches? Do you follow privacy-by-design and privacy-by-default principles when designing new systems? There are so many critical facets that your organization must understand and put into action for the EU GDPR, so where do you turn for guidance? ISO/IEC (International Organization for Standardization/International Electrotechnical Commission) data security standards are a great place to start. This blog will focus on leveraging ISO/IEC data security standards as cybersecurity best practices to help prepare your organization for the EU GDPR.
How do International Standards help with EU GDPR?
With EU GDPR enforcement starting in May 2018, organizations are looking for ways to demonstrate compliance and avoid the associated fines. There are some great international data security standards, which are also best-practice frameworks, that you can leverage to help your organization address not only the GDPR but wider information security and privacy requirements. One example is ISO/IEC 27018, an international code of practice for managing Personally Identifiable Information (PII) on public clouds. It builds on the general controls described in ISO/IEC 27002 and is appropriate for any organization that processes PII.
How does ISO/IEC 27018 help with EU GDPR?
ISO/IEC 27018 helps you address security issues related to PII stored on the public cloud. By using this framework, along with a robust ISMS (Information Security Management System), you demonstrate your commitment to protecting personal records and can provide the extra reassurance clients require for cloud computing. ISO/IEC 27001 is the internationally recognized standard for an information security management system. It provides you with a strong framework to address information security risks with appropriate measures and controls. It is an ideal starting point for any organization that needs to manage and respond to information threats and build resilience.
How does ISO/IEC 27001 help with EU GDPR?
ISO/IEC 27001 outlines specific requirements and controls that help ensure you not only respond to contractual and regulatory requirements, such as the EU GDPR, but also put the appropriate controls in place to manage risks to your organizational data, including personal records. By adopting ISO/IEC 27001 as your best-practice framework you will be in a good position to identify your requirements for the EU GDPR, as well as to implement appropriate controls and any additional measures required. The internationally recognized ISO/IEC 27001 is an excellent framework that helps organizations manage and protect their data assets so that they remain safe and secure. It helps you continually review and refine the way your organization protects PII assets, not only for today but also for the future.
ISO/IEC is a Piece of the Overall Solution
Achieving ISO/IEC 27001 certification serves as credible evidence that your organization is taking the appropriate measures to comply with the EU GDPR, but it should be a complementary piece of your overall data protection strategy rather than the whole of your compliance effort.
TokenEx is the enterprise leader in data protection. Follow us on Twitter and LinkedIn. Ulf Mattsson is the Head of Innovation for TokenEx, and he is the inventor of more than 55 patents in the areas of Encryption, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention.