The International Organization for Standardization ("ISO") has released the world's first international standard to help organizations manage privacy information and meet regulatory requirements.
The ISO 27701 certification for Privacy Information Management Systems ("PIMS") provides its requirements regarding privacy, including GDPR, building on ISO/IEC 27001, by providing necessary extra provisions. It deals with employee awareness programs, risk assessment and documentation and applies to businesses of all sizes and types.
Businesses who wish to improve their cyber security ability should be aware of a document issued by the government of Canada called "Baselines cyber security controls for small and medium organizations".
The overview of the document states:
"This document presents the Canadian Centre for Cyber Security baseline cyber security controls wherein we attempt to apply the 80/20 rule (achieve 80% of the benefit from 20% of the effort) to the cyber security practices of small and medium organizations in Canada."
The document may be downloaded in PDF form from the website https://cyber.gc.ca/en/guidance/baseline-cyber-security-controls-small-and-medium-organizations-v11-0.
This is a 19 page document which gives details of many steps which companies may use in order to protect their data. It would be wise to have your IT department check same carefully.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
