Does Cyber Essentials Cover GDPR?
Achieving Cyber Essentials certification does not mean that your organisation is GDPR compliant; however, it is a step in the right direction.
The tools and practices Cyber Essentials promotes can be key in helping your business comply with a number of Information Security standards and laws, including GDPR, but because it focuses on technical controls, your operational processes and procedures will also have to play a part.
A Cyber Essentials certificate will show that your organisation has taken steps to understand the key Information Security risks and has put controls in place to help manage and mitigate these risks.
Some focus areas of Cyber Essentials, such as assessing business risk, staff security training and managing security incidents, will help lay the foundation for building GDPR-compliant business practices. Just make sure that you understand exactly what GDPR means for your business, to avoid potentially costly gaps in your Information Security policies and controls.