
ISO 27001 Consulting – GDPR and data protection

DIN ISO 27001 for data security

The General Data Protection Regulation (GDPR) as the new data protection and data security standard

Dealing with data protection and data security, and thus indirectly with ISO 27001 as well, has been practically imperative for all companies and tradespeople in Germany since May 2018 at the latest, when the new European General Data Protection Regulation (GDPR) came into effect.

From now on, this EU regulation governs all dealings of companies with personal data within the European Union, which of course means client data above all, but also employee data. It is not only the regulations themselves that are new; the same holds true for the penalties for non-compliance with the new legal situation. Previously, fines for dealing carelessly with data protection and data security were more or less symbolic. Now they can amount to up to 4 % of the annual turnover (and of the worldwide turnover at that). Such penalties hit large groups hard, but for smaller companies they can even threaten their very existence. On top of these penalties, German companies are additionally exposed to cease-and-desist letters from competitors and to the written warnings from lawyers that are, of course, so “popular” in Germany. So the times when data could be handled in a lax way are definitely over.

Data protection and quality management are closely interconnected

Aside from the purely legal aspects, the GDPR above all brings about organizational and technical changes. The close connection to quality management becomes clear right away: existing processes must not only be adapted accordingly, but also checked for whether they conform to the new regulations, and they may even have to be certified on that basis. Going forward, data protection and data security will play an ever more important role and become ever more crucial quality features for the public image of a company and for winning orders from clients.

The ISO 27001 standard for information security management systems

The current DIN ISO/IEC 27001:2017 is a suitable tool: it defines requirements for the evaluation, implementation, maintenance and continual improvement of a documented management system for information security, taking into account the context of the respective organization. Accordingly, ISO 27001 can be used to formulate data security requirements and objectives, to implement an efficient security risk management system, and to comply with the legal situation currently in force. ISO 27001 also provides an adequate framework for internal or external auditors to check whether company guidelines are implemented correctly. Conformity with ISO 27001 can likewise be demonstrated through external auditors, independent checks or confirmations from clients. Certification by an external auditing company is possible, too.

Costs of an ISO 27001 certification

The costs of a certification according to ISO 27001 cannot be stated in general terms, since they depend very strongly on the respective business model and on the structures and processes prevalent in the respective company. As a rule, they consist of internal costs for competent staff and suitable software systems, the costs of external consulting and, finally, the audit fees of the certification company engaged. The extent to which quality management and documentation have already been practiced also has a significant impact on costs.

ISO 27001 consulting with PeRoBa Quality Management in Munich

PeRoBa Quality Management GmbH in Munich will be happy to give you comprehensive support in introducing and optimizing data security and data protection within your company. Based on the requirements of ISO 27001, we develop individual concepts for implementing the new legal provisions at the organizational and technical level. We perform internal audits, train staff in their practical work with ISO 27001, and help with planning and obtaining certifications that strengthen the public image of your company.

How may we help you?

If you have any questions, don't hesitate to contact us!
You can use our contact form to write us a message, call us or make a free online appointment.

Make an online appointment
Non-binding discussion