
Expert Advice Community

Security Framework

Guest user, created: Jan 20, 2018, last commented: Jan 20, 2018

Does GDPR require that a company be certified under a particular security framework like ISO 27001, NIST, etc. to be considered GDPR compliant? Or, can a company still be GDPR compliant if they follow the standards set by those frameworks but not actually be officially certified by that framework?

Expert: Andrei Hanganu, Jan 20, 2018

Answer:

The EU GDPR does not require you to hold any certification in terms of security. Article 32 of the EU GDPR, however, requires you to implement “appropriate” technical and organizational measures to ensure: “ongoing confidentiality, integrity, availability and resilience of processing systems and services” and the “ability to restore the availability and access to personal data in a timely manner” (https://advisera.com/eugdpracademy/gdpr/security-of-processing/).

You can use ISO 27001 as a suitable framework to protect your personal data. If you require more information on ISO 27001 and EU GDPR, you can check out our article “Does ISO 27001 implementation satisfy EU GDPR requirements?” (https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/).
