GDPR compliance: Why even the best technical controls aren’t enough

Redbrick GDPR

Whilst assisting clients with General Data Protection Regulation (GDPR) compliance projects, we have often been asked why they should consider implementing an information security management system (ISMS), rather than simply a range of technical controls, in order to comply with the much-discussed Article 32 of the GDPR.

Since the GDPR does not provide detailed guidance on what you should do to achieve an effective information security posture, an ISMS aligned to an international standard such as Cyber Essentials or ISO 27001 is generally a good starting point.

Why we recommend HM Government's Cyber Essentials Framework for GDPR Security Compliance…

  • Risks can be overlooked. Implementing layers of technical controls that aren't based on a properly conducted risk assessment means that other important risks related to human error, negligence and process failures are often overlooked. Poor company processes and staff-related problems are known, common points of failure in data security. Many high-profile data breaches have resulted from staff negligence, ignorance or incompetence. An ISMS is based on the outcomes of regular and comprehensive, organisation-wide risk assessments.
  • Threats are not static. Information security threats are constantly evolving and cyber attacks can take many forms. The only way to keep ahead of these growing and constantly changing threats is by adopting a programme that lends itself to continual review and improvement. Without an effective ISMS that can be continually updated and assessed, a set of technical controls can quickly become redundant and dysfunctional, and the organisation can lose track of what it had set out to manage.

Through the all-encompassing approach of an ISMS aligned to Cyber Essentials, an organisation can protect all of its corporate information, intellectual property and personal data.
