People now use so many different platforms as part of their daily routine where personal information is collected: mobile applications, loyalty schemes, connected devices, and location-based advertising. This means we regularly hand over our data without thinking it through, creating more data flows than ever before. And whether it’s dating sites, telecoms providers, or public service organizations, barely a day goes by when you look at the news and don’t see a reference to a data breach in which personal records have been compromised.
This has only increased the focus on issues surrounding the misuse of personal information, meaning organizations cannot afford to be complacent.
Greater awareness of these issues has led to growing concern, among both individuals and governments, around how personal data is collected, used, and protected; in response, some governments have proposed or enacted new regulations aimed at providing guidelines and requirements for the treatment of personal data.
Within Europe, the introduction of the General Data Protection Regulation (GDPR) provides harmonization of data privacy laws that reflect the realities of the digital world we now live in.
Being able to guarantee to protect your customers’ data makes up a huge part of modern-day customer service.
If your business requires you to store personal data, such as details of customers or employees, then you must comply with the Data Protection Act 1998 and General Data Protection Regulation (GDPR).
The purpose of data protection legislation is to ensure that personal data is not processed without the knowledge and, except in certain cases, the consent of the data subject. It is meant to ensure that personal data is accurately processed, and to enforce a set of standards for the processing of the information.
As such it is becoming an increasingly important piece of legislation, affecting the day-to-day operation of almost all organizations.
As the privacy landscape evolves and quantities of personal data multiply, organizations need to protect individual privacy rights. Are you taking full accountability when you process and manage personally identifiable information (PII)? Do you have the right controls, consent, and lifecycle management from collection to destruction? And what happens when data is compromised?
Building confidence internally and with clients, suppliers, and wider stakeholder groups is critical.
Given the dynamic environment in which we operate, the need for guidance on how organizations should manage and process data to reduce the risk to personal information is getting more important.
Guidance in the form of a new international standard, setting out how organizations should manage personal information and helping them demonstrate compliance with updated privacy regulations around the world, is therefore very powerful.
That’s why information management standards have been created.
For over a century BSI has been helping businesses to drive success through standards. And there are some great best practice frameworks that can help support your organization to address not only EU GDPR but wider information security and privacy requirements. From BS EN ISO/IEC 27001 to BS 10012, we have a range of standards that can help.
BS ISO/IEC 27001 Information Security Management
BS EN ISO/IEC 27001 is the internationally recognized standard for an information security management system. It gives you a great foundation framework to address information security risks with appropriate measures and controls. It’s an ideal starting point for any organization that needs to manage and respond to information threats and build resilience.
BS EN ISO/IEC 27001 outlines specific requirements and controls that ensure you not only respond to contractual and regulatory requirements, such as EU GDPR, but you put the appropriate controls in place to manage risks to your business information, including personal records.
By adopting BS EN ISO/IEC 27001 as your best practice framework you’ll be in a good position to identify your requirements for the EU GDPR, as well as implement appropriate controls and any additional measures required.
BS 10012 Personal Information Management
BS 10012 sets out the requirements for a personal information management system. It ensures you identify and mitigate risks to personal information by implementing the appropriate controls.
This standard is written to align with legislation. Originally written against the UK Data Protection Act requirements, BS 10012:2018 has now been revised so that it is more closely aligned to EU GDPR requirements. By using this guidance, along with a robust Information Security Management System (ISMS), you will be in a good position to demonstrate EU GDPR compliance.
BS EN ISO/IEC 27018 Personally Identifiable Information on Public Clouds
BS EN ISO/IEC 27018 is an international code of practice to support managing Personally Identifiable Information (PII) on public clouds. It builds on the general controls described in BS EN ISO/IEC 27002 and is appropriate for any organization that processes PII.
BS EN ISO/IEC 27018 ensures you address security issues related to personally identifiable information stored on the public cloud. By using this framework, along with a robust ISMS, you demonstrate your commitment to protecting personal records and can provide the extra reassurance clients require for cloud computing.
Want to have access to all your data security standards in one place? A BSI Knowledge subscription gives you instant access to the resources you need to improve your information security processes. The flexibility and visibility it provides into best-practice guidance enables you and your team to get the most from standards, from privacy on the cloud to auditing your information management systems. Build your own custom collection of standards, or opt for access to our GBM24 Information Technology - Software & Networking module and keep up to date with any relevant changes to your information security strategy.
Ensure your organization is inspiring trust in customers and complying with regulations by adding these key information protection standards to your collection today.