GDPR and ISO 22301

Article 32 of the General Data Protection Regulation (GDPR) outlines the requirements for organisations to be able to restore the availability of and access to personal data in a timely manner should a physical or technical incident occur.

If all else fails and your organisation becomes a victim of a data security breach, ISO 22301 will help your organisation to recover. It can provide a framework for your organisation to implement processes and procedures to reduce the impact and build a capability to respond effectively should an incident occur. In this context, it provides the perfect mechanism for managing data breaches.

The GDPR also stipulates that organisations should implement a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the data processing.

ISO 22301 helps organisations to successfully rehearse business continuity processes and action plans, and shows your ability to maintain critical business services should an incident occur. This provides stakeholder confidence that your disaster recovery processes work and are effective in protecting their personal data.

GDPR and ISO 22301 Factsheet

Certification to ISO 22301 by Lloyd's Register can help you identify and mitigate data security risks.