How to integrate GDPR into your ISO 9001 QMS

The EU General Data Protection Regulation (GDPR) has come into force. The purpose of this course is to outline how an organisation can integrate GDPR into its ISO 9001 QMS.

The aim of the GDPR is to ensure that an individual’s personal data is stored with consent, for a specific purpose and for a reasonable duration of time. The GDPR may require a lot of changes for companies that collect, process or store data on any EU citizens. Companies must address issues like:

  • Privacy and security by design
  • Privacy impact assessments
  • Inventories and data-mapping of personal information across all business systems and processes
  • The appointment of a data protection officer (DPO) or data responsible person
  • Evidence to demonstrate reasonable efforts put forth in complying with the GDPR

Part of the ISO 9000 family of quality management standards, ISO 9001 enables organisations to meet multiple overlapping legislative and regulatory requirements by providing the framework for a formal quality management system (QMS). A strong quality management system gives companies the relevant tools to identify, evaluate, and implement measures to demonstrate legislative and regulatory compliance and reduce exposure to risk, including data and information security risk.

Companies will need to update and change their policies, processes and contracts, to reflect the new GDPR requirements.

Course Content

What will already be there?

If your quality management system is compliant with ISO 9001, then you will already have the following processes in place:

  • Leadership Commitment
  • Policy creation and dissemination
  • Robust processes, supported by technical measures
  • Processes to identify Business Risks and Threats
  • Objectives creation and dissemination
  • Competence, training, and awareness processes
  • Communication of management system information
  • Control of Suppliers
  • Control of system documentation
  • Control of records
  • Corrective action
  • Internal audit
  • Management review

Course Outline

  • Introduction and Background
  • What the GDPR Means in Practice
  • GDPR Principles
  • Governance, Accountability and Management Review
  • Data Protection by Design and by Default
  • Rights of Data Subjects
  • Breach Notification
  • Use of Third Parties and Management of Data Processors
  • How to integrate the requirements into your ISO 9001 Documented System

New Important GDPR management processes:

  • Identifying and Processing Personal Data
    The GDPR mandates that an organisation must identify and document all personal data that it collects, as well as the processing activities that relate to that data.
  • Lead GDPR assessment audits
  • Identify risks and non-conformances
  • Implement controls and corrective actions
  • Supplier Management
  • Rights of Data Subjects
  • Set objectives and indicators
  • Keeping Personal Data Accurate and Up to Date
  • Breach Notification

Target Audience

This workshop is for anyone involved in quality, environmental or health and safety management systems, whether as a quality manager, environmental manager or health and safety manager. It is of vital importance and a must-attend event for all.

Dates and Venues

  • 11th October 2018. 9:30am – 5:00pm, ISME Offices, Dublin 2.

One day course: €230 ISME Members, €325 Non-Members.

Booking Essential

ISME Skillnet