As data protection and privacy become a higher corporate priority, compliance and risk professionals would be wise to leverage frameworks regarding privacy. Since we are both compliance professionals and wise, we will provide you with 3 things that anyone should focus on when implementing ISO27001. Focus on Privacy and GDPR. You’re welcome.
First, any company thinking about implementing an ISO27001 certification – a proactive approach to security across the entire organisation – should look at its organisational and technical measures regarding security and privacy. How is the company organised? Does it consider the protection of personal data in every step of development and business? Asking yourself these kinds of questions will already help you create an appreciation for ISO27001 within the organisation. You will already be halfway there, since appreciation is everything.
Privacy and GDPR
The second thing is to make the ISO27001 certification work for you and your business. You can treat it like an asset, simply because it is.
Let us explain why.
Once you’re done implementing ISO27001, you will be facing many – like many – policies, procedures, controls, and processes. When you work with external parties (or when you’re on the hunt for new clients), you can pass vendor assessments and due diligence very straightforwardly, because you have all the documentation and resources in-house. You don’t only have the certificate; you also have all the necessary knowledge and procedures behind the certificate. That’s why you are winning.
ISO27001 to start on GDPR
All companies need to implement GDPR, since every company has to be GDPR compliant to a certain extent. The GDPR mainly focuses on data protection, that is, on how to protect individuals, but it does not provide you with specific guidelines on how you should implement this. It is very open to your own interpretation. This is where ISO27001 comes to the rescue.
ISO27001 provides guidance for implementing appropriate measures to mitigate privacy and security risks, with recommended technical measures in line with the requirements of the GDPR. It helps you to comply with the GDPR, as it provides an excellent starting point for organisations looking to implement the technical and organisational measures that are necessary to reduce the risk of a data breach.
ISO27001 has got a crazy number of controls and measures that your company can – and should – implement. Implementing ISO27001, therefore, automatically strengthens your GDPR compliance and your data protection in general.
Let us conclude by asking you: what are you waiting for?