GDPR standard as forerunner for GDPR ISO standardisation
Many organizations would like to obtain a certificate in order to objectively demonstrate GDPR compliance towards the market.
The General Data Protection Regulation (GDPR) mentions in article 42 that the creation and usage of data protection certification mechanisms and of data protection seals and marks, for the purpose of demonstrating compliance with GDPR, will be promoted. However, until recently there were no widely accepted certification standards available within the Benelux.
Therefore, lots of organizations are trying to obtain the ISO27001:2013 certificate as it is promoted by data protection authorities as a good way to objectively demonstrate that personal data is adequately protected. However, ISO27001 covers only one of the GDPR principles; the principle of confidentiality, and cannot be used to demonstrate full GDPR compliance.
Recently, BrandCompliance, one of our partners, has created a new standard (BC5701:2018) based on the GDPR. This standard facilitates the implementation of a privacy management system, which is the base to demonstrate GDPR compliance.
This standard uses a similar structure as the ISO standards and therefore can be easily combined with other standards such as ISO27001 to implement an integrated privacy and information security management system.
This BC5701:2018 standard will be proposed as the basis for the creation of an internationally harmonized GDPR standard which can be used by organization such as NBN and NEN, the Belgian and Dutch certification institutes, and which would allow organizations to obtain a market recognized certification.
The cross table below (in Dutch) shows how GDPR requirements are integrated within the BC5701:2018 chapters. The entire cross table can be found within the BC5701:2018 standard .
Toreon is one of the first companies that adopted these standard within the Belgian market in order to aid organizations in their quest to become demonstrable compliant with the GDPR.
To be clear, the implementation of a privacy management system based upon BC5701:2018 is not a legal requirement but does position your company as a privacy pioneer within your industry. Allowing you to leverage compliance as a competitive advantage.
Purchase and download the standard. LINK: http://gdprcertificationstandard.com/product/pdf-bestand/