
New ISO Standard Issued for Helping Companies to Comply with GDPR


IT systems are evolving rapidly: cloud-based solutions, artificial intelligence and automated processes are all making businesses, organizations, and communities more and more efficient. Compared to the 2 billion internet users in 2015, at the end of 2017 there were approximately 3.8 billion internet users worldwide. It is estimated that by 2022 there will be 6 billion internet users (75% of a population that will have grown to 8 billion by then) and that by 2030 they will reach 7.5 billion (90% of the projected 8.5 billion population). The increasing use of IT technologies and the ever-growing number of internet users naturally mean more cyber-attacks and hacking activity, which comes at a price: much more attention than usual has to be paid to IT security.

Governments around the world have responded with laws and regulations to reduce these threats and protect digital security, and have put various data protection rules in place, such as the European Union's GDPR, with which all organizations must comply. Recently, the world's first international standard has been published to help organizations handle personal information and comply with legal regulations. The new ISO standard helps companies meet the requirements, whatever their field of activity.

The new standard was developed by a committee of data protection experts, data protection authorities, information security experts and industry representatives, which helped to make the PIMS standard not only based on GDPR but also on knowledge of good data protection practices and standards in many member states. The main goal was to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization. Being a management system, it defines the processes of continuous improvement of data protection, which is especially important in a world where technological development does not stop. All this allows organizations of any size, area of activity or industry to protect and control the data they manage in a safe manner, explain Rita Párkányi (partner) and Dénes Glavatity (associate) from KCG Partners Law Firm.

A special feature of the standard is that it was created for the purpose of providing a basis for the certification described under Article 42 of GDPR. The PIMS certification is a clear pathway towards the GDPR certification mechanism, which can prove to clients, employees and other third parties that the certified company is operating in accordance with GDPR requirements. It lays down practical guidelines, requirements and measures to ensure that a well-operating, GDPR-compliant data protection system is in place. This is also due to the fact that the GDPR framework of principles is translated into concrete controls and solutions in this standard. This solution also helps group-level businesses to develop a global data protection framework with the ability to comply with local rules.

It is worthwhile to get ready for a PIMS certification as soon as possible, which can be both a security and a business advantage for companies that handle personal data. The legal experts of KCG Partners, however, draw attention to the fact that the standard is only available to companies that have already implemented the ISO/IEC 27001 ISMS standard, following the required certification process. Despite the risk of not complying with these rules, it is known that many companies simply are not yet ready and are in need of guidance. As there is a growing number of complaints and penalties for lack of data protection all over the European Union, it is clear that this standard is needed. Moreover, companies need to build trust with authorities, partners, clients and employees, to which this standard contributes significantly.

By Rita Parkanyi, Partner, and Denes Glavatity, Associate, KCG Partners Law Firm
