Complying with ISO 27001 and EU GDPR
Can an IT company with 1 employee and working with freelancers/consultants be compliant with ISO 27001 and GDPR? (GDPR requires a data privacy officer)
Please note that ISO 27001 was designed to be implemented by organizations of any size and industry, so it can be applicable to your organization. Freelancers/consultants can be viewed as outsourced services and treated accordingly.
Regarding GDPR, it depends on the activity of your organization. If your organization processes a high volume of personal data, or monitors behavior, or processes special categories of personal data like health data, political opinion, sexual orientation, criminal convictions, then you require a Data Protection Officer (DPO). If your organization does not deal with this data, you do not require a DPO.
The DPO does not need to be an employee of the organization; this role can be outsourced, but you need to ensure that required roles and responsibilities are included in the contract or service agreement.
These articles will provide you with further explanation about ISO 27001 and DPO:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- How to hire the right DPO? https://advisera.com/articles/how-to-hire-the-right-dpo/
- The role of the DPO in light of the General Data Protection Regulation https://advisera.com/articles/the-role-of-the-dpo-in-light-of-the-general-data-protection-regulation/
These materials will also help you regarding ISO 27001 and DPO:
- How to integrate GDPR with ISO 27001 https://advisera.com/webinars/how-to-integrate-gdpr-with-iso-27001-free-webinar-on-demand/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- EU GDPR Data Protection Officer Course https://advisera.com/training/eu-gdpr-data-protection-officer-course/
Feb 03, 2021