The GDPR requires safeguards and measures for protecting personal data, ensuring safe data processing, and managing notifications of potential breaches.
It applies to organizations collecting, processing, and storing the personal data of EU or EEA citizens. This regulation also applies to:
- Organizations with a physical presence in at least one member state of the European Union.
- Organizations located outside the EU that offer services to, monitor, or process the data of data subjects in the European Union, even though the company itself is not located there.
There is considerable overlap between the controls required by GDPR and the controls provided in Annex A of ISO 27001. Additional controls from GDPR can be added to the Statement of Applicability (SOA) for the ISO 27001 registration audit. The registration scope statement will then note that the SOA includes controls from GDPR.
Want to learn more about GDPR? Take a look at our March 2018 recorded webinar.