ISO 27001 and GDPR

ISO Quality Services Ltd

The deadline for compliance with the EU General Data Protection Regulation (GDPR) is fast approaching: 25 May is now just under three months away.

A question we are asked a lot is “does having ISO 27001 mean that I am compliant with GDPR?” Here we explore whether an ISO 27001 Information Security Management System (ISMS) can help your business with GDPR compliance.

Any information your company holds is a business asset and therefore needs to be protected.

This matters all the more when the potential fines for failing to comply with GDPR reach up to 20 million euros or 4% of total worldwide annual turnover (whichever is greater), and can be levied against data processors as well as data controllers. Businesses need to ensure they are doing everything they can to protect the data they hold.

The UK Government’s 2017 Cyber Security Breaches Survey reported that virtually all of the UK businesses it covered are exposed to cyber security risks, and that approximately 61% of them hold personal data on employees and customers electronically.

The survey also found that 46% of all UK businesses identified at least one security breach or attack in a 12-month period, and that these breaches often resulted in financial loss.

Businesses that have already implemented the ISO 27001 standard have already laid much of the groundwork for complying with the new regulation.

The standard helps your company coordinate all of its security efforts, electronic and physical, in a way that is coherent, consistent and cost effective.

Many of the Annex A controls in ISO/IEC 27001:2013 are directly relevant to GDPR obligations. For example, disposal of media (A.8.3.2), physical media transfer (A.8.3.3), security of equipment and assets off-premises (A.11.2.6) and the clear desk and clear screen policy (A.11.2.9) all reduce the chances of personal data being lost or exposed.

The standard brings many other benefits too:

Benefits to you:

• Cost reductions from avoiding incidents

• Smoother running of operations, as responsibilities and processes are clearly defined

• Improved business image in the marketplace: customers have peace of mind that the company is trustworthy

Benefits to your customers:

• Working with a trustworthy provider helps them safeguard their own data and maintain their own integrity

• It instils confidence further down the supply chain, resulting in stronger client/supplier relationships

• Appropriate access controls lower the risk of confidential or sensitive information being accidentally exposed to employees who have no need to see it

Benefits to your staff:

• Reassurance that their employer is meeting data handling security guidelines

• Roles and responsibilities are defined clearly and precisely, which increases job satisfaction and productivity

So whilst holding ISO 27001 certification does not automatically make you GDPR compliant, it certainly puts the foundations, and more, in place. Bear in mind that GDPR also imposes obligations the standard does not cover on its own, such as establishing a lawful basis for processing, honouring data subject rights and notifying the supervisory authority of a personal data breach within 72 hours of becoming aware of it, so these need to be addressed separately.

If you wish to discuss any of the above with a member of our team, we can be contacted on 01905 670303 or by email

Sources -