One of the most frequent questions we get asked is:
“Is WriteUpp GDPR compliant?”
Unfortunately, it’s the wrong question to ask, as “compliant” implies a level of ratification that doesn’t exist. No one is certified against GDPR.
Whether you’re a data controller or data processor, it’s your responsibility to comply with the regulation based on:
- your interpretation of the regulation
- the applicability of the regulation to your specific business
- your assessment of the risks associated with recording and processing personal data
As there isn’t a box that we (or you) can tick to say you are compliant, you can look for the ISO27001:2013 certification: it is recognised worldwide as the standard for information security management.
GDPR and ISO27001:2013 are not one and the same thing, but in the absence of any mechanism to validate compliance with GDPR, ISO27001:2013 certification:
- is a rigorous and rewarding process to go through in tandem with GDPR
- independently challenges our internal systems, processes and thinking on security
- provides data processors (like you) with peace of mind about our security management systems
WriteUpp has been ISO27001:2013 certified since 2017. Below is our certificate:
To ensure that we don’t rest on our laurels, an annual audit is carried out by an external third party to confirm that our systems continue to meet the stringent requirements set out in the ISO 27001 standard.
If you’re unfamiliar with ISO27001 you can find out more here -> ISO27001:2013 Information technology — Security techniques — Information security management systems — Requirements
If you would like to verify our certification please click here and enter our Certificate Number: 275372018