+1
I have a couple of questions about GDPR. I’ve reviewed the .eu guides and checklists at https://gdpr.eu/data-privacy/ - but what information should we as an organization have available to show we comply with regulations? I know for SOC 2 you have an output of several different report options, but is there an equivelent for GDPR? Is it really just self assessments?
Best answer by Troy_Fine
View original
+2
Hi - there is no way for an outside party to officially validate GDPR compliance. The closest there is to a validation to GDPR is an ISO 27701 certification. ISO 27701 was created with GDPR as the foundation, but the EU and UK do not officially recognize it as a “certification” or validation that an organization is complying with GDPR. External parties may value an ISO 27701 certification as a way of providing some level of assurance that aspects of GDPR are being met, and it is better than nothing. Keep in mind, ISO 27701 is an extension of ISO 27001, so you must be certified to ISO 27001 in order to get certified to ISO 27701.
+1
Hi - there is no way for an outside party to officially validate GDPR compliance. The closest there is to a validation to GDPR is an ISO 27701 certification. ISO 27701 was created with GDPR as the foundation, but the EU and UK do not officially recognize it as a “certification” or validation that an organization is complying with GDPR. External parties may value an ISO 27701 certification as a way of providing some level of assurance that aspects of GDPR are being met, and it is better than nothing. Keep in mind, ISO 27701 is an extension of ISO 27001, so you must be certified to ISO 27001 in order to get certified to ISO 27701.
This is very helpful thank you. We are already working towards ISO and it sounds like this may be a helpful way to show our users how we are aligned.
+2
You’re welcome. Happy to help.
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.