By Harshini Carey, Regional Director – Neupart UK
Even though the GDPR deadline is looming, it’s important that organisations don’t neglect their other information security practices. Chances are that you’ve been following best practices and internationally recognised standards up until this point and GDPR shouldn’t change that.
The problem seems to be that many companies see the GDPR as yet another regulation they need to comply with. But as the ICO has stressed, the GDPR is not a revolution in data protection regulation; it is an evolution. We have had regulations such as the Data Protection Act for a while now. The GDPR is simply an update that will ensure better treatment of individuals' personal data.
Don’t Think Big, Think Smart
Rather than wasting resources by running data protection and information security management on two parallel tracks, data protection should build upon your existing information security measures, because the two have plenty in common.
For example, one of the things the Data Protection Regulation emphasises is that you assess the most immediate threats to your organisation and build your data protection programme around them. This is the same kind of threat-based approach that the ISO 27001 standard promotes. So if you have been complying with ISO 27001, you are already well on your way to complying with the GDPR.
In fact, the better you maintain your current security standards and procedures, the closer you are to GDPR compliance. That is why it is so important not to approach the GDPR as a project that needs to be built from scratch. Rather, carry out a gap analysis, establish where you stand in relation to the new regulation, and then simply bridge the gap.