[Users] GDPR compliance resources

Marc Gadsdon mg at in-tuition.net
Thu May 10 12:10:44 CEST 2018


A few folks have asked me for GDPR resources as a follow-up to the Tuesday call:

Andrew Shinglers Zimbra GDPR presentation: https://drive.zimbra.io/index.php/s/9ROcRrEG1bvk7ji#pdfviewer

UK Information Commissioner's Office (responsible for enforcing this law in the UK) GDPR home page: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr

In the UK, we have a gov-backed standard called Cyber Essentials, which allows organisations to gain a certification by completing a questionnaire and submitting the answers to a certification body. Cyber Essentials + includes an outside auditor and pen test to prove compliance. There are various CE certification bodies, and the one most used by our channel resellers seems to be https://www.iasme.co.uk - IASME have developed a GDPR add-on to their CE/CE+ certification and published the full set of questions including both CE and GDPR. Obviously reading the questions isn't going to gain you 'GDPR compliance', but it might be helpful to better understand what sort of controls you'll need to have in place. https://www.iasme.co.uk/cyberessentials/basic-level-cyber-essentials/free-download-of-self-assessment-questions/

Hope this helps.

-- 
Marc Gadsdon



