Improved Insight into Data Privacy
Gain a detailed understanding of your current data protection maturity and a comprehensive view of your personal data processing landscape.
Align with Industry Best Practice
Understand the next steps necessary to achieve your target data protection maturity and meet relevant legal requirements, such as the need to appoint a data protection officer (DPO) or to produce a Record of Processing Activities (RoPA).
Meet Your Data Privacy Goals
Achieve your proposed data privacy outcomes with the support of a partner who uses technology to enable change rather than citing limitations.
Overcome Data Privacy Skills Gap
Support your internal data privacy teams by augmenting their capabilities through a highly certified and deeply experienced partner.
Key Challenges Addressed
Many organisations rely on private, public and hybrid cloud services for storage space, computing power or services. In addition to the many benefits of using the cloud, there are risks such as unauthorised access to personal data that can result in data breaches or compromised integrity.
Achieving ISO 27018 certification requires that an organisation has established objectives and controls to guide PII protection measures. These measures are aligned with the privacy principles in ISO/IEC 29100 for a public cloud computing environment.
Ensuring this in practice is a complex process that requires specific skill sets and experience with the certification process. Many organisations lack these, which can create ongoing management costs as they recruit teams of people to start internal projects.
How it Works
Bridewell’s approach breaks down the complex aspects of the standard into a clear and concise delivery model that makes the process as simple as possible for our clients. Depending on the specific level of support needed, Bridewell can provide:
Here are some commonly asked questions about ISO 27018. If you’d like to learn more, speak to one of our team.
ISO/IEC 27018:2019 is a code of practice for the protection of Personally Identifiable Information (PII) in public clouds acting as PII processors. ISO 27018 is an internationally recognised standard which has been adopted by many organisations.
It confirms that an organisation has established objectives, controls and guidelines for implementing PII protection measures. These measures are aligned with the privacy principles in ISO/IEC 29100 for a public cloud computing environment.
It specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII. These requirements are applicable within the context of the information security risk environment of a provider of public cloud services.
Achieving ISO 27018 compliance helps organisations build a comprehensive and robust security program that takes into account the unique risks associated with storing and processing personal data in the cloud. Additionally, ISO 27018 provides guidance on how to effectively implement technical and organisational measures to protect personal data in the cloud, and how to ensure that these measures are appropriate to the risks posed.
HESA Drive Digital Transformation with Bridewell’s DPO as a Service
"We didn’t just want our DPO to come into HESA to run the data privacy team and maintain business as usual. We needed someone who could add strategic value to our processes and the major projects that are key to our current operations and future ambitions."
- Louise Morrison, General Counsel