The GDPR will increase safeguards for individuals and make organisations more accountable for how they use our personal data. It brings data protection to the forefront of your organisation's processes; whether you handle personal information relating to your customers or employees, it will have an impact on the way you work.
The General Data Protection Regulation came into force on 25 May 2018. It aims to strengthen data protection for all individuals within the EU regardless of where the data is held.
While the eye-watering fines have grabbed headlines in the business press, the regulation offers organisations opportunities to streamline processes, develop their employees and build trust with consumers.
What we offer
LR recognises that every organisation is unique. The impact of the new regulation will depend upon the complexity of your organisation and the maturity of your management system.
In the information security and data protection arena, our services cover both training and assessment, including:
- GDPR Briefing - An introduction to the principles and concepts found in the regulation.
- GDPR Foundation - Explains the implications for your organisation and the steps to take to become compliant.
- Data Protection Officer (DPO) training - Helps DPOs prepare for the requirements and responsibilities of their new role.
- GDPR readiness assessment and gap analysis
- Data mapping and classification
- We can carry out Data Protection Impact Assessment (DPIA) on your behalf and we can provide DPIA training that gives practical guidance on how to conduct DPIA within your organisation.
- GDPR controls assessment and attestation
- Data protection and information security onboarding via eLearning
- Training, Gap Analysis and Certification for ISO 27001 (information security management), ISO 22301 (societal security – business continuity management systems) and BS 10012 (personal information management system).
Demonstrating compliance through Management Systems
Lloyd's Register (LR) delivers a range of training and certification services for ISO 27001 – the international standard that sets out the requirements for establishing, implementing and improving an information security management system (ISMS) within the context of the organisation. It provides a best practice framework to identify, analyse and implement controls to manage information security risks and safeguard the integrity of business-critical data.
At present, the GDPR does not mandate third-party certification. However, there is alignment between the requirements of ISO 27001 and the GDPR in terms of how organisations should manage their information security policies, controls and processes. Achieving certification to ISO/IEC 27001:2013 demonstrates a commitment to meeting the requirements of the GDPR – demonstrating both compliance and accountability.
What are the benefits?
Build a culture of privacy and trust in your organisation
Regulators are not likely to look favourably on organisations that have made no effort to prepare for the GDPR. The maximum fine for failing to comply – for example using personal data without consent or failing to protect personal data – is up to 20 million EUR or 4% of global turnover for the previous year – whichever is greater.
The GDPR provides an opportunity to transform your organisation’s culture and processes to be more customer-centric and streamlined. Culture change needs to be led from the top to role model the new practices and behaviours that will create a ‘culture of privacy’.
Data protection by design
The GDPR introduces the concept of data protection by design and by default. This is an approach that promotes data protection and privacy from the start of a project. This makes it easier to identify and address potential issues and raises awareness of data protection within the organisation.
Why choose LR?
LR’s technical experts have been at the forefront of international standards development and involved in ISMS assessment, certification and training for many years.
Our high-profile clients in the finance, telecoms, software, internet, consultancy, justice and government sectors trust LR to deliver high quality, consistent and impartial assessments.
Our assessors are qualified professionals with sector-specific information security and IT experience whose objective view will give you confidence in your own security measures aligned with industry best practice.
Your business helps LR to help others
The profits we generate fund the Lloyd’s Register Foundation, a charity that supports engineering-related research, education and public engagement around everything we do. All of this helps us stand by the purpose that drives us every single day: working together for a safer world.
Who we work with
We help businesses across dozens of sectors push forward and achieve like never before. How can we help you?
LR's experts regularly share their research and insights.
Join us at these forthcoming events
15 Nov 18
Cyber Security Summit & Expo
London, United Kingdom