From 25 May 2018, the General Data Protection Regulation (GDPR) applies in all EU countries. The GDPR replaces the national privacy laws of the member states and ensures that the personal data of all EU residents is protected in the same way.

Privacy awareness

The GDPR revolves around more awareness of privacy. For example the GDPR prescribes risk analyses, processor agreements and, under certain circumstances, a data protection officer. By applying the GDPR, the EU is encouraging companies and institutions to deal more consciously and responsibly with privacy and personal data issues.

The ISO 27001 standard is used worldwide as a basis for information security. This standard contains requirements and guidelines for structuring information security, thus guaranteeing confidentiality, availability and integrity of information within an organisation. 

ISO 27001 and GDPR

The standard ISO 27001 covers almost the entire spectrum of information security, however it’s depth is limited when it comes to privacy protection. An ISO 27001 certificate is therefore not sufficient to comply with the GDPR. Kiwa’s GDPR certification service incorporates detailed privacy protection, so meets that gap. Organisations that already comply with the GDPR can derive added value through an ISO 27001 certificate, because information security is more thoroughly covered.

More information?

Kiwa has an extended and diverse track record when it comes to ISO27001 certification. In our product portfolio you will find more information about ISO 27001 certification by Kiwa, about ISO 27001 certification costs, the ISO 27001 certificate and the ISO 27001 audit. Would you like to know more about ISO 27001 certification, about the difference between ISO 27001 and ISO 27002 or about other aspects of data security? Please complete the contact form and we will be in touch.