Information security and privacy according to standard guidelines
Working with and processing personal data is a sensitive subject. At Moove, we understand that our telematics solutions must meet the highest information security and data privacy standards. Our ISO 27001 and ISO 27701 certifications support that ambition. We asked Nico Nijenhuis, Lead Auditor of Information Security & Privacy at TÜV Nord Netherlands, about ISO 27701 and the certification process.
The new standard for handling privacy
ISO 27701 is a new standard that focuses on the potential impact on the privacy of third parties. This presents a key difference from the ISO 27001 information security standard, which mainly looks at the risks to an organisation (for example, when confidential information is compromised, resulting in reputational damage and fines). The ISO 27701 standard also goes hand in hand with mandatory laws and regulations, which offers companies an immediate opportunity to demonstrate that they are in compliance with the latter. Among other things, ISO 27701 can support compliance with GDPR requirements.
Nico Nijenhuis explains what ISO 27701 certification means for Moove. “When it comes to privacy, there are two roles within an organisation. One is that of data controller, the other of data processor. The data controller role deals with the privacy of people with whom you have a relationship as an organisation, such as suppliers and physical or digital visitors. The data processing role is responsible for protecting the personal data of third parties that has been entrusted to the organisation. You can certify them both or only one of the two. Moove has chosen to only certify the data processor role, as this is currently much more in line with the services it offers: professional and compliant with laws and regulations.”
Information security and data privacy as an essential part of any telematics solution
“The impact of our telematics solutions on an organisation’s information security and data privacy can be quite significant. We attach great value to clearly outlining the importance of the implementation process in these areas as early in the collaboration as possible. We fully support this with a privacy and security programme that is completely in line with an organisation’s wants and needs.”
Willem Duijf – CEO Moove
Nico Nijenhuis recognised this ambition during the certification process. “Everyone has to work according to privacy standards, but now, this has also been established by an independent party. This also ensures that you can publicly make this claim as a company. Moove has an intrinsic motivation to properly address information security and privacy issues. People are a key pillar in Moove’s business operations, which makes it a lot easier to work together towards the desired result.”
The future of data, privacy and security
ISO 27001 is currently the key international standard when it comes to information security. It remains to be seen whether ISO 27701 will also become the standard for privacy, but it is certainly attracting more and more attention worldwide. Nico Nijenhuis also observes some notable movements in the market. “I’ve noticed that the ISO standard and legislation seem to be converging. The GDPR itself also includes an article that outlines a certification system, which operates via the European Data Protection Board. It’s a different route than the ISO standard, but it does mean that in the future, it might become possible for the ISO certificate to also count as a GDPR certificate.”
“In addition, privacy and law enforcement also show a structural capacity deficit. At the same time, another movement is emerging with class action suits, in which private parties are suing organisations. And these are not just the big players, so the risks of getting ‘caught’ are arguably increasing despite supervisory parties lagging in their enforcement.”
In any case, with the ISO certifications it has obtained, Moove is taking all possible steps to meet the information security and data privacy requirements of our global customers. Want to know more about how we deal with these issues and how our telematics solutions can work for your organisation? Contact us for a demo.