There is confusion among people that certain certifications like ISO 27001 means GDPR. GDPR is compliance and as of today there is no certification which can prove companies are GDPR compliant.

it’s important to remember that ISO 27001 covers a very specific area of data security. And while this certification can be valuable from a GDPR perspective, it shouldn’t be viewed as an ‘automatic passport’ to full GDPR compliance.

In its Article 32, the GDPR states that organizations “…shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk…” It also mandates other security-related points.  As the leading international standard and certification for information security, ISO 27001 is an ideal choice of a framework to support GDPR compliance.  It’s important to remember that ISO 27001 covers a very specific area viz  data security. Data security is less than 5% of the work organisations will have to perform to bring themselves into compliance with GDPR. And while this certification can be valuable from a GDPR perspective, it shouldn’t be viewed as an ‘automatic passport’ to full GDPR compliance.

In crux GDPR consists of 99 Articles. As we’ve seen, just one of those covers technical and organisational data security measures. In other words, there’s much more to full GDPR compliance than ensuring your information security management system is up to level.

Do contact usfor more information on how GDPR Consultants offerings can help your organization Stay One Step Ahead !