cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

GDPR for offshore company

Hi everyone,

 

I'm in the process of implementing ISO 27001 for an accounting firm in India who processes data of customers in UK. I believe the firm also needs to be complied to GDPR, what would be compliance requirements should I consider? 

 

Thanks in advance

3 Replies
sanya_s
Viewer II

When implementing ISO27001 you must examine content 1. Regulations, 2. Contracts and 3 Security Policy , so your security policy will have to ensure that GDPR compliance is part of the regulation, and your context. With GDPR DPIA ( Data Protection Impact Assessment) is the key part of it, and you have to use this as  part of your risk assessment analyses, risk register and SOA for ISO27001 controls.

Go through your Annex A controls, and utilising your DPIA define your Statement of Applicability and incorporate that into your ISO27001 documentation. 

I hope this helps

 

 

felipetsi
Viewer

Very good answer. But do you have some checklist with all GDPR requiriments?
ajyoung
Viewer III

Suggest you use the PIA guidance provided bu CNIL (available in english!) whuich you will find at https://www.cnil.fr/en/home. That will take you through and guide your approach.