What it Means
Companies should strongly consider working towards certification to demonstrate their commitment to cyber security. An independent assessment gives management confidence that the controls in place are actually operating, and it gives the business a competitive edge: a recognised certification of your information security management system can reduce costs (for example in due-diligence questionnaires and insurance) and builds trust with clients at a time when personal data is more valuable than ever. Being able to show how you protect your clients' personal data helps you stand out from the crowd and strengthens your reputation.
Investing in a recognised standard such as ISO 27001 or, for UK organisations, Cyber Essentials is strongly advised. As previously stated, there is currently no guaranteed way to demonstrate compliance with the EU GDPR; however, ISO 27001 is expected to be the adopted standard, or close to it. If that is beyond your financial means, Cyber Essentials is a good alternative for smaller companies: it is a cost-effective, low-overhead mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken the essential cyber security precautions.
Your company should have sufficient physical and logical controls in place to protect personal data from loss, destruction, unauthorised access and disclosure. Where anonymisation or pseudonymisation is used to protect the identity of the data subject, it must be strong enough that the subject cannot be re-identified; note that pseudonymised data is still personal data under the GDPR, because whoever holds the key or lookup table can reverse it, whereas properly anonymised data is not. If you use encryption to protect such data, a corresponding encryption policy (covering algorithms, key management and who may decrypt) should also be in place. There is no failsafe method that prevents every data breach, so you must also prepare for one: establish and test an incident management process that can respond to any breach of security swiftly and effectively, and that can meet the GDPR requirement to notify the supervisory authority within 72 hours of becoming aware of a breach.
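To make the pseudonymisation point concrete, the following is an added example (not code from the original page or from any certification body) showing why an unkeyed hash of an identifier is not an adequate pseudonym and how a keyed HMAC, with the key held apart from the dataset, fixes that. The records, the `pseudonymise` and `reidentify_by_guessing` helpers and the email addresses are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records for illustration only (not real customer data).
RECORDS = [
    {"email": "alice@example.com", "purchase": "book"},
    {"email": "bob@example.com", "purchase": "laptop"},
    {"email": "alice@example.com", "purchase": "pen"},
]


def naive_pseudonym(email: str) -> str:
    """Unkeyed SHA-256 of the identifier.

    Deterministic, so records for the same person stay linkable, but anyone who
    can enumerate plausible inputs (a customer list, a leaked mailing list) can
    recompute every value and re-identify the subject. This is NOT adequate
    pseudonymisation.
    """
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()


def keyed_pseudonym(email: str, key: bytes) -> str:
    """HMAC-SHA256 of the identifier under a secret key.

    Still deterministic (same person -> same pseudonym within one key), but
    without the key a guessed identifier cannot be checked against a pseudonym.
    The key must be stored separately from the pseudonymised dataset, e.g. in a
    KMS or HSM, and access to it logged; whoever holds it can still re-identify,
    which is why the result remains personal data under the GDPR.
    """
    return hmac.new(key, email.strip().lower().encode(), hashlib.sha256).hexdigest()


def pseudonymise(records, key: bytes):
    """Replace the direct identifier with a keyed pseudonym, keeping other fields."""
    out = []
    for rec in records:
        rec = dict(rec)
        rec["subject_id"] = keyed_pseudonym(rec.pop("email"), key)
        out.append(rec)
    return out


def reidentify_by_guessing(pseudonym: str, candidates, pseudonym_fn):
    """Dictionary attack: recompute the pseudonym for each candidate identifier
    and return the one that matches, or None if no candidate matches."""
    for cand in candidates:
        if hmac.compare_digest(pseudonym_fn(cand), pseudonym):
            return cand
    return None


def demo():
    """Returns (result against naive hash, result against keyed HMAC)."""
    key = secrets.token_bytes(32)  # assumed: fetched from a separate key store
    candidates = [r["email"] for r in RECORDS]  # attacker's guess list
    target = "alice@example.com"

    # Attacker knows the scheme but not the key.
    weak = reidentify_by_guessing(naive_pseudonym(target), candidates, naive_pseudonym)
    strong = reidentify_by_guessing(keyed_pseudonym(target, key), candidates, naive_pseudonym)
    return weak, strong


if __name__ == "__main__":
    weak, strong = demo()
    print("naive hash re-identified:", weak)    # alice@example.com
    print("keyed HMAC re-identified:", strong)  # None
    for row in pseudonymise(RECORDS, b"\x01" * 32):
        print(row)
```

Linkability is preserved (both of Alice's records map to the same `subject_id` under one key), which is what makes the output useful for analytics while keeping direct identifiers out of the dataset. Rotating the key breaks linkability across datasets, which is sometimes exactly what you want when sharing data with a third party.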