Cyber Essentials and GDPR

GDPR Readiness certificate

IASME offers a certification route to demonstrate that you have taken into account the requirements of the General Data Protection Regulation (GDPR). This certification is available as a verified self-assessment or as an on-site audit.

If you pass this assessment, you will receive a certificate and be entitled to use the logo to show that you have passed the IASME Governance assessment, which includes the GDPR requirements as well as Cyber Essentials. You will be able to demonstrate to your customers that you take the protection of their personal and valuable data seriously.

About GDPR

The GDPR became enforceable on 25 May 2018. Breaches of the Regulation can attract penalties, which could result in fines of up to 4% of global turnover.

Despite Brexit, GDPR still affects the UK. Every organisation processing personal data must implement safeguards against loss, theft and unauthorised access. Respect for privacy, the security of data and awareness of breaches are key. There is a duty to report a breach within 72 hours. If that breach potentially carries a high privacy risk, then the affected individuals should also be advised of the data breach. This is a significant change from the old data protection regime in the UK.

The definition of personal data is wide and includes anything that could be used to identify an individual. This includes, for example, genetic data and even IP addresses. The GDPR is more robust than anything we have previously seen, with organisations now more accountable.

Further information and guidance is available on the Information Commissioner's Office website.

So what should I do?

Certification to Cyber Essentials is a great first step, and one that is recognised by the Information Commissioner's Office as good practice. Cyber Essentials can mitigate penalties should an organisation suffer a breach. Cyber Essentials is evidence that you have carried out the basic steps towards protecting your business and your data from internet-based cyber attacks.

As Cyber Essentials focuses on key technical controls, GDPR requires more than Cyber Essentials on its own. By certifying to the IASME Governance Standard, which includes the GDPR requirements, you demonstrate that your organisation has a wider governance system for managing the controls that protect personal data. The IASME Governance Standard adds a number of topics to Cyber Essentials which support GDPR compliance. These include assessing business risks, training staff, dealing with incidents and handling operational issues.

If you want to know more about how Cyber Essentials and IASME Governance, including the GDPR requirements, can support your GDPR obligations, IASME has a network of Certification Bodies who can help you. To find the one nearest to you, please follow this link.

You can download the full set of assessment questions, including the Cyber Essentials questions, here. If you pass this assessment, you will receive a certificate and be able to use the IASME Governance with GDPR logo to demonstrate to your customers, and employees, that you take the protection of their valuable personal data seriously.