Expert Advice Community

GDPR compliance

Guest user Created: Dec 12, 2018 Last commented: Dec 12, 2018

We are ISO 27001 certified and I am looking at BS 10012:2017 to further our compliance with GDPR. I understand the 2017 version aligns itself with GDPR and may be seen as a "certificate of GDPR compliance". If I understand it correctly, a successful audit for BS 10012 means that it can be appended to the 27001 certificate, indicating we are securing personal data. Personal data for our company is the customer data we collect on behalf of clients and our own employee data. We are both a data processor and a data controller. The alternative is ISO 27018, for protecting data in the cloud, and we are a cloud-based company. I am leaning towards 10012 as the next step and would appreciate your view.


Expert: Andrei Hanganu, Dec 12, 2018

Answer:

Let me start by saying that compliance with ISO standards and compliance with a legal requirement are somewhat different. ISO standards are not mandatory, you don't get fined if you do not comply with their provisions, nor can they be enforced by governmental bodies. In terms of ISO or any other standard, you get some kind of certification stating you are compliant, while for GDPR this is not applicable.

And finally, neither ISO nor any other standard can be used to prove compliance with a legal requirement such as the EU GDPR. What BS 10012 does is give you a framework that you could use in terms of data protection, without guaranteeing anything in terms of legal compliance.

Coming back to your original question, I personally think that BS 10012 or ISO 27018 are not required to be compliant with the EU GDPR, so unless you need those standards for something else, you can get certified. ISO 27001 is, however, a good way to prove that you are keeping your information assets, including personal data, secure, which helps in terms of compliance with Article 32 of the EU GDPR.

If you want to find out more about ISO and GDPR compliance, check out this EU GDPR & ISO 27001 Integrated Documentation Toolkit (https://advisera.com/eugdpracademy/eu-gdpr-iso-27001-integrated-documentation-toolkit/).
