Changes in Data Protection Regulations and ISO Standards which will happen in 2018

The data protection regulations (GDPR) will come into effect in late May this year, to be followed by the requirement for companies with ISO9001 and/or ISO14001 Certification to transition to the 2015 versions of these two Standards by mid-September this year.
Do companies appreciate the full implications of GDPR and do they realize the full extent of the data they will need to protect? I suspect that in many small companies the senior management are struggling to fully protect data held by the company such as customer information and employee records.
As regards the ISO9001 and ISO14001 2015 Standards, the requirement for senior management to have full ownership of the Quality and Environmental Management Systems will in some cases be a wake-up call for senior management. No longer will this be delegated to a management representative; furthermore, senior management must be able to convince external auditors that they are fully committed to the Management Systems.
The new clauses in the Standards regarding Context of the organisation, assessment of risks and opportunities, and Leadership have to be fully addressed by company senior management.
