One of the most frequent questions we get asked is:
“Is WriteUpp GDPR compliant?”
Unfortunately, it’s the wrong question to ask, as “compliant” implies a level of ratification that doesn’t exist. No one is going to be certified against GDPR before or after 25th May 2018.
Whether you’re a data controller or data processor, it’s your responsibility to comply with the regulation when it takes effect based on:
- your interpretation of the regulation
- the applicability of the regulation to your specific business
- your assessment of the risks associated with recording and processing personal data
As there isn’t a box that we (or you) can tick to say you are compliant, we decided to seek ISO27001:2013 certification, as it’s recognised worldwide as the standard for information security management. To be clear, GDPR and ISO27001:2013 are not one and the same thing, but in the absence of any mechanism to validate compliance with GDPR we took the view that it would:
- be a rigorous and rewarding process to go through in preparation for GDPR
- independently challenge our internal systems, processes and thinking on security
- provide data processors (like you) with peace of mind about our security management systems
After a lengthy process, which began in May 2017, I’m delighted to confirm that we are now ISO27001:2013 certified and I would like to thank the whole WriteUpp team for playing their part in this achievement. Below is our certificate:
To ensure that we don’t rest on our laurels, an annual audit is carried out by an external third party to ensure our systems continue to meet the stringent requirements set out in the ISO 27001 standard.
If you’re unfamiliar with ISO27001 you can find out more here -> ISO27001:2013 Information technology — Security techniques — Information security management systems — Requirements
If you would like to verify our certification please click here and enter our Certificate Number: 275372018