General Data Protection Regulation GDPR was published by the European Union to ensure that Data is secure and used for the right business purpose.
Although the compliance has to be met by organisations, there is no need for any certification by any third party.
To comply to the GDPR and meet the certification requirements for ISO 27001 Information Security Management, ISO 20000 IT Service management, ISO 13485 Medical devices management system, there are 99 articles and 173 recitals to be complied.
Certain additional ISO Standards which can be referred while implementing ISO 27001, ISO 20000, ISO 13485 are ISO 8000-8 Data Quality, ISO 29124 Information Technology security techniques guidance for Data privacy, BS 10012 Personal Information Management system.
The following details have to be known for organisations who implement GDPR, DS – Data Subject, DP – Data processor and DC -Data controller. All the key companies involved in Data processing be it in Europe or any other part of the world have to comply to GDPR.
The word “Third country” is used many times in the GDPR. This refers to the organisations located in other countries other than the European Union EU, who are a party to this and have to comply to GDPR
Upon knowing a Breach, the DS Data subject have to notify the National regulator within 72 hours of such a breach. The guilty could be penalised anywhere between 10 million Euros to 20 million Euros.
Organisations have to deploy as Data Processing Officer who is referred to DPO to monitor the GDPR Compliance.
Wish to implement GDPR along with ISO 27001, ISO 20000, ISO 13485 – Do call us on 9845078743, 9845313910 or just drop an email to SHAKTI@GQSINDIA.COM