CALL US TODAY: 0203 983 8278
Email usenquiries@nathsolicitors.co.uk
Home // Privacy management: should your business adopt new ISO?

Most of us are now aware of the challenges posed to every business by inadequate privacy information management. The Information Commissioner’s Office (ICO) continues to impose significant fines on organisations of all kinds. Recently, for example, it has taken action against and imposed significant fines on an estate agency, a mobile phone operator and a London borough council. So compliance with GDPR – and demonstrating compliance – matters now more than ever.

If you need guidance regarding data protection and privacy, contact our privacy solicitors London on 0203 983 8278 or contact us online.

REDUCING THE RISK OF DATA BREACHES

At Nath Solicitors, we advise a wide range of start-ups and small and medium-sized businesses on GDPR compliance matters. With several bespoke GDPR compliance packages available we help businesses in London and across the UK reduce the risk of data breaches that could result in regulatory intervention. For more information call Shubha Nath on 44 (0) 203 670 5540 or contact the firm online.

27701: THE INTERNATIONAL INFORMATION SECURITY MANAGEMENT STANDARD

Data security is an increasing concern. According to a 2018 World Economic Report cyber attacks on business have doubled in the last five years. Increased awareness of the importance of data security following the launch of GDPR can help minimise the risks of breaches as we mentioned above. But businesses can take further steps.

An increasingly used tool for businesses to reduce the risk of data security breaches within their organisations is the 27701 – a worldwide compliance standard that has recently been extended and updated. ISO 27701 is a recognised international standard to help companies manage the information they hold on individuals and meet regulatory obligations such as GDPR.

ISO 27701: THE BASICS

The popularity of this type of certification internationally can’t be underestimated. In the USA, for example, take-up of ISO 27701 by businesses alert to the dangers of poor privacy information management is above 90%. So what does adoption of ISO 27701 entail?

Key elements of ISO 27701 include:

  • Specification of the requirements for establishing, implementing and continually improving a privacy-specific information security management system.
  • An emphasis on the importance of adopting a privacy management system that is capable of evolving to meet the face of ever-changing technology.
  • Tailored guidance for data processors and controllers within organisations

Implementing ISO 27701 is not an easy task. It’s important that the relevant personnel within your organisation are familiar with the requirements and that staff receive appropriate training on ISO 27701 compliance. Certification will involve risk assessments, internal audits and accurate scoping of the ISO 27701 project. The documentation and processes you will be required to develop and complete include:

  • An information security policy
  • Information security risk assessment process
  • Information security objectives
  • A documented internal audit process
  • Evidence of the nature of breaches and any subsequent actions taken
  • Evidence of the results of any corrective actions taken

Once an organisation is ISO 27701 certified it must continually review the effectiveness of its processes and compliance.

WHAT NEXT?

Adoption of the ISO 27701 standard is an entirely voluntary decision for your business. And while some of what we have outlined here may appear daunting, the benefits of an ISO 27701 certification are enormous. It indicates to the ICO that you take data security seriously and it signals to the world that you are a business that values the personal information of clients. And remember ISO 27701 is aimed at businesses of all sizes and in all sectors, not just large multinationals. For smaller enterprises, there are invaluable resources available online and elsewhere to help you implement the standard.

Ultimately organisations must weigh up any potential benefits that ISO 27701 will bring them against any additional costs incurred. For some ISO 27701 will be a good framework to help them improve their systems. For others that have already proactively improved their privacy management systems, ISO 27701 may not be essential. And advice from information lawyers like ourselves can ensure you concentrate on implementing a scheme that is proportionate and appropriate for your business.

To discuss how we can assist you, call our London office on 0203 983 8278 or contact us online.

    CONTACT US TODAY

    I accept the privacy policy

    To prove you are not a robot, please answer the following question:

    Testimonials

    "Shubha Nath is my go-to lawyer. She provided my department with commercial legal services for the best part of 10 years. She listens carefully to what the business requires, is clear in her explanation of complex legal agreements and frameworks and is incredibly fast at turning round documents. I was so impressed by her I've recommended her company Nath Solicitors to other businesses."

    Testimonial From Bernard McKeown

    "Shubha, I'd just like to thank you for helping me to come to an amicable settlement with my former company co-directors so quickly and effectively. The advice and suggested approach certainly worked very well for me and I also felt a sense of safety and control being mentored through a very daunting process. You are brilliant at what you do and you helped me to cope with a very stressful situation. I would not hesitate to recommend you and Nath…

    Testimonial From Stephan Hepton

    “I would like to thank and recommend Nath Solicitors and Shubha personally for all your professional advice and help. We have a variety of business interests from Medical and Dental to Analytics and Artificial Intelligence; I am extremely impressed how Shubha has been able to advise in all of these fields for a variety of unrelated projects. We have been particularly impressed with hard work, dedication, professional approach and personal touch. Dr Chetan.”

    Testimonial From Dr Chetan

    I live in Saudi Arabia. Although thousands of kilometers separated us, I picked up the phone and talked to Shubha and I asked her to help me in what I believed was a fraud case. She answered gladly. She was smart, honest, and professional; she has been receiving my calls, letters and emails for more than one month did not seem to mind at what time I communicated with her and it was any time and she always responded quickly. Shubha…

    Dr Aldarwish ( International client)

    We are pleased to note our satisfaction with the standard of service, offered to us by qualified and efficient team of Nath Solicitors. This is a Firm with high integrity and strong, traditional, values focusing on providing the utmost levels of customer satisfaction but don’t just take their word for it, take time to review their customer testimonials. Shubha Nath, who has been providing services to our company, has shown how passionate she is about her job and has delivered…

    MD of Security Company Dispute Resolution Testimonial

    Client comment on company incorporation and advice on a  shareholders agreement prepared by Shubha Nath. We felt well advised and Shubha protected our interests immaculately and we are truly very grateful to her for all her help in securing our interests. Director Food Company.

    Director of a Food Company
    Copyright. Nath Solicitors Limited. Registered in England and Wales. Company Number: 08724944. VAT number: 207490711. Office Located at: 35 Berkeley Square, London, W1J 5BF. Nath Solicitors Limited is authorised and regulated by the Solicitors Regulatory Authority. Registration number 608014. Terms Of Use. Privacy Policy. Cookies Policy. Complaints Procedure.