What is GDPR?
GDPR (General Data Protection Regulation) is a data protection and privacy law that requires organizations to protect the personal data of EU (European Union) citizens, giving individuals more control over their personal data.
It applies not only within the EU and EEA (European Economic Area) but also to any company worldwide that stores or processes personal data of EU residents.
The GDPR, consisting of 7 principles, 173+ regulations, and 99 articles, mandates new approaches to data security by providing legislative solutions to data breaches and ensuring the confidentiality and privacy of personal data.
How Are ISO:27001 And GDPR Related To Each Other?
Similar to GDPR in essence, ISO:27001 is an international information security standard that helps companies adopt best practices for implementing and maintaining an Information Security Management System (ISMS). It aims to control data security, integrity, and availability by helping companies follow legal ISO compliance.
GDPR and the ISO standard have a fundamental thing in common, namely data security controls, and both set out several similar rules for data security. Several differences exist between GDPR and ISO, but both aim to reduce cyber threats and mitigate external or internal security violations.
The similarities between the two standards include:
- Data Integrity, Availability, Confidentiality
- Risk Assessment
- Notification Of Data Breaches
- Data Protection Measures
- Documenting Security Processes
How Is SPEC INDIA GDPR-Compliant?
With a globally present clientele, especially in the European region, we have taken several considerations into account to safeguard data at every level.
GDPR Practices We Follow To Ensure GDPR-Readiness
- Deletion/Modification Of Data
According to GDPR standards, EU citizens have the right to ask for erasure and modification of their data.
- Data Protection Officer
We have appointed a DPO (Data Protection Officer) who oversees the data protection strategy and ensures compliance with GDPR.
- Encrypted Data
Our system stores encrypted data and manages end-to-end security controls while processing.
- Secure Communication Channels
We use secure communication channels to ensure complete security and privacy of communication.
- Consent of Users
- Notification of Breaches
We ensure that, when a data breach occurs, we report it within 72 hours.
SPEC INDIA’s Security-First Approach For ISO And GDPR Compliance
- We have already initiated a drive to achieve the ISO 27001 standard in the 2nd quarter of 2019. We expect to get the certificate in the 4th quarter of 2019, ensuring complete security under control.
- Our QMS team maintains a healthy security structure, enabling compliance with international data regulations.
- To comply with GDPR regulations at every level, we have conducted internal sessions on GDPR.
- We constantly look forward to adopting the best security practices that are in line with GDPR compliance. Our teams are well aware of the importance of data security in the data-driven age, adopting best practices to strengthen data security controls and mitigate risks.