The General Data Protection Regulation (GDPR), successor to the various European data protection laws based on the 1995 EU Data Protection Directive, has been a long time coming.
According to a recent European Parliament press release, however, the end may at last be in sight. The European Council and European Parliament have now reached a “strong compromise” on a draft of the GDPR. “It is now up to [EU] member states to give the green light to the agreement.”
MEP Jan Philipp Albrecht, the European Parliament’s chief negotiator for the GDPR, said that “negotiations hopefully have cleared the way for a final agreement”.
“In future,” he added, “firms breaching EU data protection rules could be fined as much as 4% of annual turnover – for global internet companies in particular, this could amount to billions. In addition, companies will also have to appoint a data protection officer if they process sensitive data on a large scale or collect information on many consumers”.
First proposed in 2012 by the European Commission, the GDPR will unify data protection across the EU, superseding EU member states’ individual laws, including the UK’s Data Protection Act 1998.
All organisations that collect, process or store information will have to meet the requirements of the GDPR, which is why experts such as PwC’s global head of data protection and cyber security have advised companies to act sooner rather than later to fulfil their information security obligations ahead of the GDPR’s introduction.
Implementing an information security management system (ISMS), as described in the international best-practice standard ISO 27001, is the sensible route to compliance.
Information security best practice
An ISO 27001-compliant ISMS provides a risk-based approach to data security that can be applied throughout the supply chain. Once your ISMS has been certified to the Standard you can insist that third-party contractors and suppliers also achieve certification. In addition to this, the external validation offered by ISO 27001 certification is likely to improve your organisation’s cyber security posture and business efficiency while providing a higher level of confidence to customers and stakeholders – essential for securing certain global and government contracts – as well as allowing you to meet your legal and regulatory obligations.
According to the latest ISO Survey, there was a 17.6% growth in the number of ISO 27001 certificates in the UK last year. As more and more organisations seek to implement information security best practice based on the Standard, an ISO 27001 qualification is something that IT executives, compliance managers and management systems professionals can no longer afford to be without. Book a place on one of IT Governance’s ISO 27001 training courses now to start 2016 with the best chance of increasing your earning potential.