This week Qrious was awarded the international gold standard for privacy information management, ISO 27701
certification.
This new certification was only recently created and builds on the information security standard, IS0 27001, achieved by
Qrious last year. Where 27001 focused on security, ISO 27701 focuses on data privacy and is designed to ensure
organisations have the robust processes and systems in place to manage and protect personal data.
According to Nathalie Morris, Qrious CEO, privacy concerns have never been more urgent: “New Zealand organisations are
at risk of being hit by the perfect data privacy storm. 2020 has seen an explosion in the use of digital platforms with
approximately six years of digital transformation in the past six months. That means that Kiwi companies are collecting,
storing and using more personally identifiable information than ever before - at the exact same time that the risk and
sophistication of privacy breaches has never been greater.
“The Privacy Act comes into effect on 1 December and will shift the onus from the consumer onto any company handling
private information. Organisations will need to be able to provide proof of privacy protections; early intervention and
risk management plans; and be required to provide significantly more information and control to the consumer, including
where data will be processed, and for what purpose. What were fines for non-compliance, will now carry criminal
liability in some cases and mandatory breach notifications. Put simply, the stakes have never been higher,” she says.
Qrious was able to quickly complete the rigorous process for ISO data privacy accreditation and secured certification
soon after it was released. According to Stephen Ponsford, Qrious CTO, this is reflective of the quality of the privacy
policies and procedures Qrious already had in place and further proof that, as New Zealand’s market-leading data,
analytics, AI and data-powered marketing business, Qrious’ number one priority is to keep clients’ customer data safe
and secure.
“Trust and verification of that trust is incredibly important to us. We want our clients to trust Qrious to protect
their customer data - and with ISO certification they know that trust is well-placed because external, independent
auditors have rigorously assessed us against international best practice,” he says.
According to Ponsford, because data security and privacy are intrinsically linked, ISO certification in both confirms
Qrious’ position as industry leaders in this space. As such, Qrious wants to encourage the broader New Zealand data
industry to aspire to the same level of data security and privacy maturity that Qrious has attained - with a focus on
best practice, as opposed to mere compliance.
The good news for the industry, Ponsford says, is that Qrious is committed to using its learnings from the ISO process
to assist other companies: ”It’s important to acknowledge that the perfect system doesn’t exist, but we can support
clients to do everything in their power to avoid issues, stop breaches and should they happen, to manage those to the
international gold standard. We know what best practice looks like, we understand the new rules and legislation and can
assist our clients to comply. Qrious is here to help.”