There is currently no certification body for the GDPR itself. You may be able to demonstrate that you have implemented the policies and procedures the GDPR and the Data Protection Act 2018 require, but an effective Information Security Management System (ISMS), certified against a recognised standard, gives customers, clients and suppliers independent reassurance that you have.
ISO 27001 specifies the requirements for an ISMS: a framework of policies and procedures covering the legal, physical and technical controls used in an organisation's information risk management processes. It is one of the ISO family of standards, which provide internationally recognised specifications for products, services and systems to ensure quality, safety and efficiency.
ISO is the International Organization for Standardization. UKAS, the United Kingdom Accreditation Service, is the sole national accreditation body for the United Kingdom and accredits the certification bodies that audit organisations against ISO 27001.
The way we use data has changed significantly over the last 20 years, particularly in how data is acquired and handled.
Whilst cyberattacks resulting in data breaches dominate the headlines, the majority of data breaches are caused by human error:
- A dropped memory stick
- Sending something to the wrong e-mail address
- Adding data to the wrong Dropbox folder
- Not taking care of paper files whilst out of the office.
In addition, over the last few years cyberattacks have increased in both complexity and frequency, exposing millions of people and businesses to security breaches, theft and fraud.
In the digital age, the reputational damage arising from a data breach can be fatal to any business.
Do you look after or process client data? Are you an IT or telecoms company or part of the healthcare or financial industries? What makes you stand out from your competitors and makes your clients choose you?
Article by: Eddie Finch
This is an article from Insight & Innovation: Issue 2.