With three weeks to go until the Europe-wide General Data Protection Regulation (GDPR) comes into force, two Irish companies are making sure they are compliant by using a globally-recognised standard for information security.
Dun Laoghaire-based consultancy firm RPS Group and Cork cloud solutions company vCloud.ie were presented with their certificates to the ISO 27001 standard during a special ceremony at the National Standards Authority of Ireland (NSAI) headquarters in Dublin.
A key international business standard, ISO 27001 provides organisations with a robust framework to manage their information – both online and offline.
“While the GDPR is the largest overhaul of data privacy in decades, it is important that businesses do not fear it,” said Pat Breen TD, Minister of State for Trade, Employment, Business, EU Digital Single Market and Data Protection.
“Indeed, for Irish companies, being able to demonstrate compliance with the Regulation will offer competitive advantage in domestic, European and international markets,” he added.
“One of the ways they can do so is by getting certified to ISO 27001, which has been described as a Swiss Army knife for GDPR compliance – it has every tool you need,” said Minister Breen.
Ahead of the May 25th introduction, organisations across the European Union have been reviewing their systems and the way people work to ensure that client and customer data is safe and used appropriately.
“By examining their people, processes and technology using ISO 27001, companies will be well-placed to defend themselves from not only technology-based risks, but other, more common threats, such as poorly informed staff or ineffective procedures,” said Geraldine Larkin, NSAI Chief Executive.
“It’s important to note that while ISO 27001 isn’t a catch-all for GDPR compliance, it will provide an organisation with a pathway to compliance in terms of risk assessment, breach notification and asset management,” she added.
The regulation introduces measures that make it easier for individuals to find out what data an organisation holds on them. It also requires organisations to report data security breaches to information commissioners and increases fines for serious breaches to €20m or 4% of global turnover, whichever is larger.
RPS Group and vCloud.ie were among 25 organisations from the private, public and SME sectors today marking their achievement in becoming certified to world-class standards. All of the organisations who achieved certification were independently audited by NSAI inspectors in order to ensure they complied with the standards.
They join an elite group of over 3,000 organisations across Ireland who are currently NSAI-certified in a variety of areas such as Quality Management Systems, Environmental Management Systems, Occupational Health and Safety Management Systems, Asset Management Systems, and the Human Resource framework, Excellence Through People.