cdl Group, based in Sevenoaks, Kent, has committed to protecting personal data by extending their existing ISO 27001 Information Security Management System to include the requirements of ISO 27701 for Privacy Information Management AND have undergone an independent third-party audit by Alcumus ISOQAR, who have certified the company to both standards.
Rob Hood, IT and ISO Manager at cdl Group talks to us about the process.
What does cdl Group do?
“cdl Group Ltd is a 22 year old privately owned business.
Our core focus is providing end to end solutions for marketing communications, print, merchandise fulfilment and logistics needs.
At the heart of everything we do is service, integrity and innovation, something we believe is key to success and longevity with our customers, staff and supply chain. Our reputation to this day remains strong and many view us as ‘safe hands’, a comment not often heard in our business sector.
Innovation and the ability to pivot, evolve, has played a huge part in the strategy of our business, with the emergence of the digital transformation era, post pandemic working patterns all affecting what we do and how we do it.
As of 2021, the importance of being able to connect customers and their audience to products and services through secure, controlled cloud based solutions has heightened beyond expectation.”
Why did cdl Group decide to adopt ISO 27701?
“We have seen a spike in security expectations, especially around personal data. We felt that the time was right to add the ISO 27701 extension to help provide credibility.”
Why did cdl Group decide to get an external audit and certification?
“It has always been important to us that everything we do is above board and verifiable. This why we felt the need to engage an independent third party to certify our work.”
How did cdl Group apply ISO 27701 to its business?
“ISO 27701 sits across all areas of our business. From mailing and deliveries to managing our own employee data.”
Were there any challenges during implementation or certification?
“Having had ISO 27001 for several years the process was easily recognisable and with the help of Assent and their excellent consultancy, gaining ISO 27701 was relatively painless.”
What benefits does it bring?
“This gave us areas that we have not previously considered and strengthened existing processes giving us more control and increased insight into personal data security. We have already had a client include this as one of their only recognised means of managing their data.”
ISO 27701 can be implemented as an extension to your ISMS by including additional controls focused on personal identifiable information, many of which align to the EU GDPR and UK Data Protection Act.
Achieving third-party certification to the standard demonstrates to your customers a commitment to protecting personal information and complying with relevant legislation.
Find their website here!