ISO 27001 is a framework for information protection. According to GDPR, personal data is critical information that all organizations need to protect. Of course, there are some EU GDPR requirements that are not directly covered in

 

ISO 27001, such as supporting the rights of personal data subjects: the right to be informed, the right to have their data deleted, and data portability. But, if the implementation of ISO 27001 identifies personal data as an information security asset, most of the EU GDPR requirements will be covered.

​

ISO 27001 provides the means to ensure this protection. There are many points where the ISO 27001 standard can help companies achieve compliance with this regulation. To find out more, please click here.

​

​

​