The Schellman Blog
Recently, the Data Protection Intensive has come into its own as a leading forum for practical data protection education. Now considered one of the best conferences of the year, the 2017 Data Protection Intensive was held in London, where privacy professionals from around the world gathered to explore different areas of privacy. The conference delivered innovative solutions to today's top privacy and data protection challenges. Though the General Data Protection Regulation (GDPR) was the primary subject, a wide range of issues was discussed throughout the week. During this time, I attended four breakout sessions that highlighted a range of key issues faced in the privacy world.
ISO 27001 | ISO Certifications
An internal audit process should be present within the organization and is vital to the design and effectiveness of any information security program. The requirements for the internal audit are set out in Clause 9.2 of the ISO 27001 standard. The process and time constraints of an internal audit vary with the size and structure of the company, but the level of detail and the effectiveness expected of the audit should be consistent across all organizations. Initially, many clients believe that an internal audit is a simple walkthrough of organization-specific processes and applicable controls; however, the internal audit requires the organization to review the ISO 27001 framework and all in-scope Annex A controls based on the Statement of Applicability (SOA). As a result, the ISO 27001 internal audit is more stringent and control-focused than many organizations expect before they begin.