ISO 27001 has fast become the de facto security standard for businesses in the UK, and is often cited as a minimum requirement for organisations handling client data. The General Data Protection Regulation, however, specifically requires businesses to implement controls around personal data, and ISO 27001 on its own will only go so far in meeting that requirement.
How does ISO 27001 help?
ISO 27001 is all about the Information Security Management System, or ISMS. If you have one, then congratulations! There is a good chance you are at least halfway to compliance with the GDPR, because an ISMS already gives you:
An Incident Management Procedure
An Asset Database
Secure Development Policies and Procedures
Risk Assessment and Treatment
Access Control Management
Media Handling Procedures
You also have an existing framework to build upon to meet the GDPR's requirements.
Certifying to ISO 27001 is a great start, and covers much of what GDPR Articles 25, 32, 33 and 34 (data protection by design and by default, security of processing, and breach notification to the supervisory authority and to data subjects) require in regards to information security, provided the personal data you process actually falls within the scope of your certified ISMS. To get the most benefit, and to close the gap between information security and data protection, use the certification as the foundation on which to integrate a Personal Information Management System, or PIMS.
If you'd like some help with implementing either, PECOMi Consulting offer services in both ISO 27001 implementation and GDPR integration.