Both ISO 27001 certification and SOC 2 reports can be incredibly useful tools for data controllers attempting to vet or manage data processors. However, they cannot simply be taken at face value to signify EU General Data Protection Regulation compliance. In this article for The Privacy Advisor, Timothy Dickens, CIPP/A, CIPP/E, CIPP/US, reports that in order to meet the GDPR’s requirements, controllers will need to dedicate the time and expertise of privacy and security professionals to the careful review of processor policies and contracts, and not simply assume that ISO 27001 certification and the existence of a SOC 2 report demonstrate a GDPR-compliant processor.