Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

Jul 22, 2017

NBlog July 22 - ISO27k for GDPR

Someone just reminded me that nearly a year ago I wrote a document mapping the EU General Data Protection Regulation requirements to an ISO27k Information Security Management System.

The idea is to demonstrate how the ISMS satisfies most of the GDPR requirements, within an overarching governance framework that has other benefits (since it covers more than just privacy).  

If you find yourself in a bit of a pickle right now, under pressure from management to "do GDPR, and quick!", the mapping document helps by laying out and explaining the requirements. Even if you don't have an ISO27k ISMS at present, and have no immediate intention of implementing one, the structure is well worth considering. Turn GDPR from a challenge into an opportunity!

The mapping was released as part of the free ISO27k Toolkit and is covered by a Creative Commons license, so feel free to share the links with your peers.