UK USA Kenya Australia Belgium Canada Deutschland España France Hong Kong (EN) Hong Kong (ZH) Ireland New Zealand Philippines South Africa Malaysia Rwanda Tanzania Uganda Nigeria Switzerland Austria

GDPR

General Data Protection Regulation.

Get In Touch
Close-up of a person's hands opening a file cabinet

GDPR – General Data Protection Regulation

The General Data Protection Regulation (GDPR) is an EU regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

Get in touch GDPR
Downloads
Guide: GDPR and ISO 27001 Guide: GDPR

What is GDPR?

The General Data Protection Regulation 2016/679 (GDPR) will replace the actual Directive (Data Protection Directive). GDPR is focused on the protection of data subjects. It will be enforceable from May 25, 2018. Organizations are encourages to start preparing now, taking into account that some obligations may be onerous and time consuming to implement.

Both administrative fines and legal proceedings can be placed against organizations found to be in violation of the regulations. Regulatory bodies across the EU have been given the power to enforce greater financial penalties than ever before. These fines are a maximum of € 20,000,000 or 4% or the total worldwide turnover for the parent company in the previous financial year, whichever is the greater value. The only way to minimize a fine is to show your steps towards compliance. From the outset be aware the GDPR is not just an IT problem.

Does my organization need to be GDPR compliant?

If you store, collect, process or transmit data you’re in scope and have to comply with the GDPR. The GDPR applies to processing carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU.

When processing any sensitive or personal data as either a data controller or processor you must take appropriate technical measures to secure data against accidental loss, damage or destruction and provide explicit consent for processing each service.

Article 5 of the GDPR requires that personal data shall be:

  1. Processed lawfully, fairly and in a transparent manner in relation to individuals.
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Get in touch GDPR

 

Why IMSM?

Simple: We make it simple. Since 1994, we’ve been helping businesses achieve ISO certification and have over 150 experts worldwide. With 15,000+ clients trusting us to implement their ISOs, we have proven to be experts capable of handling the logistical heavy lifting, saving your company precious time. With a transparent fixed fee, flexible approach, and real-time access to updates, documentation, and an array of other features through IMSMLoop, we work with your organisation to make ISO implementation as straightforward and beneficial as possible.

We strive to do this with our:

– World-class gap analysis
– Experienced and diverse ISO consultants
– Regular updates, provided through IMSMLoop
– Flexible terms and contract
– Fixed fee
– Full implementation

How can ISO specialists help your business?

Getting started with ISO certification can seem like a daunting process, which is why many businesses choose to use the help of an ISO consultant. We support and guide your business through certification. Our experienced assessors take the lead on auditing your business, helping you use the results to improve your quality management system. If necessary, there is also plenty of room for training.

FAQs

  1. How can organizations prepare? 
    The adoption of internationally recognized management system standards such as ISO/IEC 27001 Information and Data Security demonstrate an organizations active vigilance and preparedness to firstly achieve compliance and thereafter maintain compliance with the GDPR.
  2. How are GDPR and ISO/IEC 27001 related?
    ISO/IEC 27001 is a framework for information protection. According to GDPR, personal data is critical information that all organizations need to protect. There are some GDPR requirements that are not directly covered in ISO/IEC 27001, such as supporting the rights of personal data subjects: the right to be informed, the right to have their data deleted, and data portability. But, if the implementation of ISO/IEC 27001 identifies personal data as an information security asset, much of the GDPR requirements will be covered.

GDPR Blogs

Take a look at our most recent blogs relating to GDPR

What is GDPR? icon

What is GDPR?

The General Data Protection Regulation 2016/679(GDPR) will replace the actual Directive (Data Protection Directive). GDPR is focused on the protection of data subjects. It will be enforceable from May 25, 2018.

Read more

Contact Us

For a free Quotation or On-Site presentation by an ISO Specialist, contact us today!

IMSM Inc USA Headquarters
515 S. Flower Street,
18th Floor,
Los Angeles, CA 90071
USA

Tel: 833 237 4676

Contact Us

For a free Quotation or On-Site presentation by an ISO Specialist, contact us today!

IMSM Inc USA Headquarters
515 S. Flower Street,
18th Floor,
Los Angeles, CA 90071
USA

Tel: 833 237 4676