Hi everyone,
I'm in the process of implementing ISO 27001 for an accounting firm in India which processes data of customers in the UK. I believe the firm also needs to comply with GDPR; what compliance requirements should I consider?
Thanks in advance
When implementing ISO27001 you must examine context: 1. Regulations, 2. Contracts and 3. Security Policy, so your security policy will have to ensure that GDPR compliance is part of the regulation, and your context. With GDPR, DPIA (Data Protection Impact Assessment) is the key part of it, and you have to use this as part of your risk assessment analyses, risk register and SOA for ISO27001 controls.
Go through your Annex A controls, and utilising your DPIA, define your Statement of Applicability and incorporate that into your ISO27001 documentation.
I hope this helps
Suggest you use the PIA guidance provided by CNIL (available in English!) which you will find at https://www.cnil.fr/en/home. That will take you through and guide your approach.