The GDPR is now enforced (as of 25 May 2018).
With the General Data Protection Regulation (GDPR) now enforced, it has replaced the previous Data Protection Act (DPA).
All UK organisations that process the personal data of EU residents need to ensure that they are compliant. The GDPR applies to companies in or out of the EU, which employ EU nationals or wish to trade within any member state. Regardless of Brexit, the GDPR will is enforced under UK law.
Introduced to keep pace with the modern digital landscape, the GDPR is more extensive in scope and application than the previous DPA. The Regulation extends the data rights of individuals, shall require organisations to develop clear policies and procedures to protect all personal data, as well as adopt appropriate technical and organisational measures to be compliant.
The UK’s Information Commissions Office (ICO), responsible as the regulator, could levy with the new regulations potential penalties for any breaches, reaching an upper limit of €20 million or 4% of annual global turnover – whichever is higher. The ICO will consider the severity of any breach before issuing a fine on a business. Breached organisations will find the fines they face will impact the business and potentially effect increased losses & lost profitability.
The international standard for Information Security Management, ISO/IEC 27001, encapsulates the information security elements of the majority of global privacy regulations by providing a comprehensive framework for developing, implementing and maintaining an independently auditable Information Security Management System (ISMS).
ISO/IEC 27001 will help an organisation protect their data assets and ensure it meets the compliance objectives now. An ISO/IEC 27001 compliant ISMS is a risk-based thinking approach to information security management, that addresses the specific security threats an organisation faces, protecting people, processes and technology.
Certification to ISO/IEC 27001 is recognised the world over as the hallmark of best-practice information security management, and demonstrates to customers, stakeholders and staff that an organisation takes its data security responsibilities seriously.
There are a number of ‘’links’’ between ISO/IEC 27001 and GDPR, that will without doubt simplify the implementation process. It makes sound business sense to adopt both in a controlled project process. However, the ISO/IEC 27001 is not law/mandatory now, but the GDPR is. With the latter there is no choice but to now adapt to the regulations.
This pathway can be implemented as follows:
We at CQA, can provide professional expertise as external Auditors, with the knowledge and tools to ensure the process is quick, and compliant with both the Standard and/or the Regulations.
Ultimately once the Standard is met and Certified as well as compliant with the GDPR Regulations, business losses will be reduced and profitability improved. Success here with approval, will also significantly improve the business marketability, branding and image with all its existing client base and potential new business opportunities.
The CQA timing - (generally 8-12 weeks) and costs - (dependent on the company turn over, number of staff and locations), will be bespoke and discussed ensuring CQA Ltd meet the business/company resources/budget that is agreed for the project.
Alternative ISO Standards products, Consultancy Services and/or Audits by: Compliant Quality Audits Ltd.
We, as a business are also able to provide consultancy services and or full Audits to ISO 9001, ISO 14001, BS OHSA 45001 and ISO 22301 Standards, by providing highly experienced, qualified external Assessors/Auditors to any given project.
This will allow a very competitively priced service to be provided efficiently and professionally, thereby delivering within budget and on time, the Standard (s) or Regulation the business requires.
Our initial GAP Analysis’s is free. This will enable the business to better understand how a chosen Standard or Regulation will fit into the organisation, what are the specific areas that can be adopted and then is able to be introduced to the processes, which will assure the Company becomes compliant and will be certified after a full Audit.