Quantar provides audit and consultancy services in two areas: implementing GDPR within an organization, and externally auditing a data privacy program that is intended to meet the GDPR requirements.
This is necessary both for a new GDPR project ahead of May 2018 and after implementation, because compliance is an ongoing need. Examples include changes to systems, processes or methodologies, and cases where suppliers are replaced or change their own operating practices.
We also provide ISO/IEC 27001 external auditing services. An ISO certification involves ongoing audit and oversight visits, both in the lead-up to certification and as observation visits during each 3-year certification term. In the case of GDPR, however, using ISO 27001 as a means of demonstrating compliance with the GDPR requirements may require an external review of the ISO 27001 implementation to confirm that it actually does so.
In some instances, ISO 27001 Appendix A stipulations can actually trigger GDPR breaches, which runs counter to the intention behind using ISO 27001 for compliance purposes. One example is where the logging of individuals' activity required under Appendix A to ensure data security itself creates personally identifiable data, which then falls within the remit of GDPR.
In many cases, only someone who is well-versed and certified in both GDPR and ISO 27001 auditing will be capable of identifying such potential issues and resolving them in a way that satisfies both ISO 27001 and GDPR compliance.