The Legal Side of Data Security and Protection; PCI DSS & ISO27001

If you run a business, you are no doubt aware of the importance of data protection. The Data Protection Act is clear on what you need to protect, since you routinely obtain and store personal information from your clients.

Yet when it comes to more specialised areas of technology, further rules and standards come into play. With this in mind, here is a quick look at one of the most important standards to meet, PCI DSS, and at another well-recognised security standard, ISO 27001.

Meeting both standards does not make a business impregnable, but it does put a disciplined, auditable security baseline in place, one that customers can reasonably trust with their data.

So let us look at these data security and protection standards and at how we can implement them in our businesses, to earn customers' trust, which can eventually lead to more sales.

In focus: Legal Data Security and Protection

Credit Card Security: PCI DSS

PCI DSS stands for Payment Card Industry Data Security Standard. Despite the word "legal" in the title of this post, it is not a law: it is an industry standard maintained by the PCI Security Standards Council and enforced through the contracts a merchant signs with its acquiring bank and the card brands. If you store, process or transmit cardholder data, those contracts oblige you to meet the standard, and failing to do so can mean fines, higher processing fees or losing the ability to accept cards at all. This matters given the many ways a customer can now hand card data to your business.

Whether the card is presented physically (chip and PIN) or entered online, you are obliged to protect the data from the moment it is captured and through every system that stores, processes or transmits it afterwards.

This can sound complicated, so it helps to seek advice from someone experienced in PCI DSS compliance; formal assessments are carried out by a Qualified Security Assessor (QSA).

PCI-DSS Compliance Controls and Requirements

What you must do varies from company to company: how you validate compliance depends on your transaction volume and on how card data flows through your systems. The standard itself, however, is a fixed set of twelve requirements covering secure networks and systems, protection of stored and transmitted cardholder data, vulnerability management, access control, monitoring and testing, and an information security policy. Card data is highly valuable to attackers, so your customers also need to know you are fulfilling your obligations to keep it secure.
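To make "protect stored cardholder data" concrete, here is an added Python example (not code from the original post) of what requirement 3 of PCI DSS looks like in practice, using the v3.2.1 numbering: never store sensitive authentication data such as the CVV after authorisation (3.2), show at most the first six and last four digits of a card number when displaying it (3.3), and render any stored PAN unreadable (3.4), here with a keyed one-way hash. It also scrubs card numbers out of log lines, because leaked logs are the most common way a PAN ends up somewhere it should not be. The field names, the demo key and the sample log line are constructed for this example, and the card numbers are the publicly known Visa and Mastercard test numbers, not real accounts.

```python
"""Added illustration of PCI DSS requirement 3 (protect stored cardholder data).

Not code from the original post. The field names, the demo key and the log
line are constructed for this example; the card numbers are well-known test
numbers, not real accounts.
"""
import hashlib
import hmac
import re

# Sensitive authentication data (SAD): PCI DSS forbids storing it after
# authorisation, even encrypted. These field names are an assumption.
SAD_FIELDS = {"cvv", "cvv2", "cvc", "cvc2", "cid", "pin", "track1", "track2"}

# Constructed demo key. A real deployment keeps the key in an HSM or vault
# and rotates it; it must never live next to the data it protects.
DEMO_KEY = b"demo-only-key-not-for-production!"


def luhn_valid(pan: str) -> bool:
    """Luhn checksum: a cheap test that a digit string is a plausible PAN,
    which stops the log scrubber from mangling order ids and timestamps."""
    if not pan.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Display form: at most the first six and last four digits may be shown
    (req. 3.3); everything in between is masked."""
    if not (13 <= len(pan) <= 19 and pan.isdigit()):
        raise ValueError("not a PAN")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def pan_reference(pan: str, key: bytes = DEMO_KEY) -> str:
    """Storage form: a keyed one-way hash of the full PAN (req. 3.4). It cannot
    be reversed, but the same card always maps to the same value, so repeat
    customers or fraud checks can still be matched. An unkeyed hash would be
    brute-forceable because a PAN has little entropy (with the 6-digit BIN
    known and the Luhn digit fixed, a 16-digit card has ~10^9 candidates)."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def sanitise_for_storage(record: dict, key: bytes = DEMO_KEY) -> dict:
    """Return a copy of a payment record that is safe to persist: SAD fields
    are dropped outright and the PAN is replaced by its masked and hashed forms."""
    out = {}
    for name, value in record.items():
        field = name.lower()
        if field in SAD_FIELDS:
            continue                                   # never persisted (req. 3.2)
        if field == "pan":
            pan = re.sub(r"[\s-]", "", str(value))     # strip spaces and dashes
            if not luhn_valid(pan):
                raise ValueError("PAN fails Luhn check")
            out["pan_masked"] = mask_pan(pan)
            out["pan_ref"] = pan_reference(pan, key)
        else:
            out[name] = value
    return out


# Log scrubbing: a candidate PAN is 13-19 digits with optional space or dash
# separators, not preceded or followed by another digit.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SAD_IN_LOG = re.compile(r"\b(cvv2?|cvc2?|cid|pin)\s*[=:]\s*\d{3,6}", re.IGNORECASE)


def redact_log_line(line: str) -> str:
    """Mask any Luhn-valid PAN in a log line and blank out SAD values.
    Digit runs that fail Luhn (order ids, timestamps) are left untouched."""
    def _mask(match):
        raw = re.sub(r"[ -]", "", match.group(0))
        if 13 <= len(raw) <= 19 and luhn_valid(raw):
            return mask_pan(raw)
        return match.group(0)
    line = PAN_CANDIDATE.sub(_mask, line)
    return SAD_IN_LOG.sub(lambda m: f"{m.group(1)}=[redacted]", line)


# Constructed sample input for the demo.
SAMPLE_RECORD = {
    "pan": "4111-1111-1111-1111",      # Visa test number
    "cvv": "123",
    "expiry": "12/29",
    "name": "Test Cardholder",
}
SAMPLE_LOG = ("2024-05-01 12:00:01 order=9000000001 "
              "card=4111 1111 1111 1111 cvv=123 amount=10.00")

if __name__ == "__main__":
    print(sanitise_for_storage(SAMPLE_RECORD))
    print(redact_log_line(SAMPLE_LOG))
```

Run as-is and the record comes back with no `cvv` key, the PAN replaced by `411111******1111` plus a 64-character HMAC, and the log line with the card masked and `cvv=[redacted]`. The real design choice is where the key for `pan_reference` lives: if it sits in the same database or config file as the hashes, the hashes are only as secret as that file, which is exactly the situation the standard's key-management requirements exist to prevent.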

ISO 27001

Another way to build confidence in your security is to adopt one of the standards published by the International Organization for Standardization (ISO). As the name suggests, ISO publishes industry standards across many fields; being certified against one gives both security benefits and credibility to your company. One of the most widely recognised and used security standards is ISO 27001.

Unlike PCI DSS, which is scoped to cardholder data, ISO 27001 covers information security as a whole: it specifies an information security management system (ISMS), the process by which an organisation identifies its information assets, assesses the risks to them, selects controls and reviews them over time. It is a formal specification, and an organisation can be audited and certified against it by an accredited certification body; the certificate attests to the standard of your security management. This can reassure you, your customers and the other businesses you work with, as it evidences the measures your company has taken.

In conclusion

How far can you go to make sure your customers' data is secure in your care? If you can answer that question with ease, you have already put in place the data security measures that a secure online transaction experience requires. If not, take the necessary action so that your business keeps user data as safe as it promises.

Q&A Session on Online Data Security

Your younger sister is lying half-dead in a hospital bed, and all she needs to get back on her feet, hale and healthy, is a single pill. But the medicine is out of reach unless you place a quick-delivery order with the Jonax chemist store near your home (the one and only store in your town that sells that drug).

Unfortunately, you have no physical cash on you, only the MasterCard in your purse. And the drug must be administered to the patient within the next two hours, or the worst will happen.

In this kind of situation, "can you give your financial data to the store without any assurance that your data will be protected?"

Let's be realistic.

I want to read your honest arguments; comment below. Thanks for reading this.


6 responses to “The Legal Side of Data Security and Protection; PCI DSS & ISO27001”

  1. Rashmi Sinha

    To safeguard the stored personal information of clients, it has become of dire importance to secure the data and prevent any kind of tampering. This needs to be followed by any organization catering to its customers in the public as well as the private domain.

    Thanks for this share.

    1. Olawale Daniel

      Hi Rashmi,

      Yes, you are right. Thanks for adding your piece…nice seeing you around 🙂

  2. Jamie Salcedo

    Great post, Olawale. I had to explain the ISO to one of my bosses a few months ago – not exactly tech savvy. I had to explain other things like keyloggers and the types of internet monitoring software we could use to protect our computers, just so that they don't end up making bad tech purchases for the company. I'm not even the IT lead, btw.

    1. Olukunle Moses

      That is what information turns you into. It makes you an expert in any field; keep it up, bro, and thanks for dropping by.

  3. Samir Jain

    Misuse of credit cards and Visa cards is a big headache for bankers and customers as well. Data security and protection is very bad in countries like India and China because of their large populations.

    1. Olukunle Moses

      The reason why there is violation is because there is law, lol! The legal issue is important so as to reduce so many violations. Thanks for your comment.
