GDPR and ISO 27001 Infographic
CONTROLS AND

The GDPR stipulates that organisations should select appropriate technical and organisational controls to mitigate the identified risks. The majority of the GDPR’s data protection arrangements and controls are also recommended by ISO 27001.

PERSONAL DATA SECURITY FRAMEWORK

ISO 27001 follows international best practice and will help you put processes in place that protect not only customer information but also all your information assets, including information that is stored electronically and in hard copy format.

9. CERTIFICATION

The GDPR recommends the use of certification schemes such as ISO 27001 as a way of providing the necessary assurance that the organisation is effectively managing its information security risks.

The GDPR requires organisations to take the necessary steps to ensure the security controls work as designed. Achieving accredited certification to ISO 27001 delivers an independent, expert assessment of whether you have implemented adequate measures to protect your data.

5. ACCOUNTABILITY

ISO 27001 requires your security regime to be supported by top leadership and incorporated into the organisation’s culture and strategy. It also requires the appointment of a senior individual who takes accountability for the ISMS. The GDPR mandates clear accountability for data protection throughout the organisation.

Implementing an ISMS conformant with ISO 27001 is not only information security best practice but also integral to demonstrating data protection compliance.
Read more about ISO 27001.