Stephen Wheatley achieves EU GDPR Practitioner status with the IBITG.
The UK Government has now confirmed that it will implement the EU General Data Protection Regulation (GDPR). Organisations that process personal data of individuals will have to comply with the EU GDPR by May 2018.
The Regulation mandates considerably tougher penalties than the DPA: organisations that breach the requirements of the regulation can expect fines of up to 4% of annual global turnover or €20 million – whichever is greater.
The Regulation will supersede the Data Protection Act 1998. The key changes are as follows:
If your business is not in the EU, you will still have to comply.
The definition of personal data has been extended.
Consent will be required to process children’s data.
New rules for valid consent.
A Data Protection Officer (DPO) will have to be appointed in some organisations.
A requirement for privacy risk impact assessments.
New data breach reporting requirements.
The right to be forgotten.
International data transfer and portability.
Responsibilities of data processors.
Systems should include privacy by design.
Effective implementation of ISO/IEC 27001 will help demonstrate effective and adequate technical and organisational controls to protect personally identifiable data and the systems that process it.
ISO9001:2015 Quality Management and ISO14001:2015 Environmental Management
Both ISO9001:2015 & ISO14001:2015 were published in September 2015 and are now being implemented by certification bodies in accordance with a three-year transition period. The deadline to transfer from the previous versions is the end of September 2018.
ISO45001 Health and Safety Management
The long-awaited international standard replacing OHSAS18001 is now available as a 2nd final draft for comment. Publication of the approved ISO45001 may be as early as October 2017.
Integrated management systems
The recent publications of ISO9001:2015, ISO14001:2015, ISO/IEC27001:2013 and ISO22301:2012 are all formatted around the Annex SL framework, making integration of management systems easier.
Please contact us for more details.