If you are an ISO 27001 practitioner, you are a professional trained to establish, implement, maintain, and continually improve a risk-managed Information Security Management System (ISMS). You probably already know that many of your skills and expertise are useful also in implementing the EU GDPR.
So, in order to increase your job opportunities, you may wonder whether your knowledge is enough to be a data protection officer (DPO) under the GDPR, or if there is something missing that requires extra education. Find the answer in this article.
What is the main difference?
First, it must be clear that we are dealing with two different professional positions, each with its own role, responsibilities, and approach to data protection. One of the main differences between the ISO 27001 expert and the DPO is that the former is not a role expressly mentioned in ISO 27001; such roles arose in practice because of the complexity of implementing the security standard set out in ISO 27001.
Learn more about the job of the DPO in the article The role of the DPO in light of the General Data Protection Regulation.
What are the different responsibilities between an ISO 27001 security officer and a DPO?
Before we go into more detail, let’s clarify why these two roles should be kept separate. An ISO 27001 expert is fully involved in the risk management associated with all the business processes. He or she manages, trains, and coordinates all aspects of information security in company activities.
The data protection officer, instead, has a different role. The DPO is an intermediary and independent role between data subjects, data controllers, and supervisory authorities. He or she gives advice to the controller and the processor on the obligations pursuant to the GDPR and the data protection laws and regulations of Member States. He or she checks compliance with the GDPR with other Union (Read more...)
*** This is a Security Bloggers Network syndicated blog from The ISO 27001 & ISO 22301 Blog – 27001Academy authored by The ISO 27001 & ISO 22301 Blog – 27001Academy. Read the original post at: https://advisera.com/27001academy/blog/2020/01/20/iso-27001-practitioner-becoming-a-gdpr-data-protection-officer/