GDPR ISO: 27001
The General Data Protection Regulation (GDPR) concerns the development of a single legal framework for the processing of personal data (eg name, occupation, marital status, age, place of residence) in the Member States of the European Union with a mandatory date of 25 May 2018. As it is a regulation and not a directive, it is directly applicable in all EU Member States and concerns practically all companies. All companies must comply with the new data as defined by the regulation, focusing on the protection of their information systems and data.
CityConsulting implements an Information Security Management System in accordance with the requirements of GDPR, but also of the International Standard ISO: 27001, which concerns information security (International Organization for Standardization, 2018) and shows several common points with the GDPR regulation. Violators are punished with high fines, which can reach up to € 20,000,000 depending on the violation.
OUR BUSINESS
In this way, CityConsulting provides you with a number of advantages, as the ISO 27001 certificate has international readability and validity, while at the same time giving an image of reliability and trust to your business. In addition, it ensures compliance with relevant laws and regulations, reduces potential costs of information loss and demonstrates the organization’s knowledge of the adequacy and compliance of the system in terms of secure information management, but also the commitment to information security by all and at all levels of the body.
Finally, it contributes significantly to the company’s ability to assess and manage information security risks.
CityConsulting ensures the perfect implementation of the Information Security Management System in accordance with the requirements of the new regulation, meeting all the essential requirements of the GDPR, which are:
-
The existence of a process of regular control, evaluation of its implementation and the evaluation of the effectiveness of technical and organizational measures to ensure the safety of processing
-
The ability to delete or export and deliver data on demand
- Timely availability and access to personal data in case of a physical or technical event
-
Careful collection and secure storage of personal data
-
Ensuring ongoing confidentiality, integrity, availability and robustness of processing systems and services
- The encryption of personal data
- Ensuring compliance by partner companies that manage personal data on behalf of the organization
IMPLEMENTATION OF ISO STANDARD
This template describes the requirements that must be met in order to be able to manage the overall and effective information. It is addressed to all companies or organizations, regardless of size and activity, that wish to adopt a way of overall management of information security. The implementation of the ISO: 27001 standard is particularly important for companies that deal with confidential information (eg file management companies, IT services and security) and CityConsulting ensures the necessary steps for its proper performance:
-
Initially, an information management framework is created and the policy to which the administration is committed is defined.
-
The security risk (s) are then identified and assessed.
-
Finally, controls are selected and applied.
