Does ISO 27001 Cover the Requirements of GDPR?

Every organisation that processes the personal information of EU residents must adapt its data handling, information security, compliance processes and contractual relationships by 25 May 2018. There are now 6 months left to fully comply; failure to do so can bring fines of up to 4% of annual worldwide turnover or €20 million (whichever is greater). The organisations that need to be EU GDPR compliant are companies (controllers and processors), whether established in the EU or not, that offer goods or services within the EU or to EU individuals.

ISO/IEC 27001 provides an excellent starting point for achieving the technical and operational requirements necessary to prevent a data breach. ISO 27001 promotes a culture of security awareness and incident handling in organisations and can assist with GDPR compliance in the following areas:

  • Data encryption
  • Confidentiality, integrity and availability of data
  • Risk assessment
  • Business continuity
  • Testing and auditing
  • Compliance
  • Breach notification
  • Asset management

ISO 27001:2013 is the best-practice standard most applicable under the new regulations for compliance with GDPR. To find out more about ISO 27001:2013, contact CQS on 01684 571 350 or email
