GDPR and the ISO’s
Frans van Gessel
Coordinator Information Security and Privacy, MinEZK
Any standard is better than none
2
Meeting you, meeting me
Frans van Gessel
• I am working for the department of Economic Affairs in the Hague, now becoming two departments:
  • Ministry of Economic Affairs and Climate
  • Ministry of Agriculture, Nature and Food Quality
• Responsible for first phase GDPR implementation
• PECB partner, trainer and auditor
• Duijnborgh auditor ISO 27001 and NEN 7510
3
This meeting
Contents
• Complaining about GDPR
• Auditor's view
• Implementer's view on ISO's
• Opportunity for PECB auditing
4
Introduction
Complaining
• So we have had the GDPR since 2016
• It is not a standard, it is a law
• Fat fines for non-compliance
• Auditors' nightmare
• Comply or explain now becomes Complain
5
The flaws of GDPR
More complaining
• Political product disguised as a regulation
• Not concrete enough for compliance and auditing
• Too vague to translate into goals
• No management commitment, the buck stops at the Controller
• No dynamics, it's flat
• No PDCA, so risk of ticking the box
6
The GDPR and Self Regulation
GDPR:40
Codes of Conduct per category of Controllers may be prepared by associations, to be approved by a DPA or the EDPB.
As of now, none is published on the EDPB site.
7
The GDPR and Certification
GDPR:42, 43
• Data Protection Seals & Marks
• European Data Protection Seal
• Voluntary certification, encouraged by Member States
• ISO 17065 as the auditors' guidance, not 17021/19011
• So GDPR is considered to be a set of products and services
8
GDPR Data Protection by Design
GDPR:25
Still: "appropriate technical and organisational measures", such as pseudonymisation and data minimisation.
A certification mechanism demonstrates compliance.
9
The flaws of ISO 17065
• Products and services standard
• Conformity assessment
• Not too many auditors
10
GDPR as products and services
Figure: GDPR as products and services. Elements shown: Supervisory Authority, Data Protection Officer, Privacy Impact Assessment, Binding Corporate Rules, PbD2, Records of processing, Controller, Processor, ISO 27001 ISMS, Data breach notification.
11
How to use ISO’s implementing GDPR
The Privacy Framework: ISO 29100
PECB Whitepaper on implementing a privacy network
12
ISO’s and the GDPR
Privacy Framework: ISO 29100:2011
Principles:
13
ISO’s and the GDPR
Privacy Framework: ISO 29100:2011
14
ISO’s and the GDPR
Privacy Framework: ISO 29100:2011
15
ISO’s and the GDPR
Privacy Framework: ISO 29101:2013
Provides overview and guidance for PII processing within the
ISO 29100 framework
16
ISO’s and the GDPR
Privacy Framework: ISO 29101:2013
17
ISO’s and the GDPR
Privacy Framework: ISO 29101:2013
Three Layers:
Each layer is a logical group of components that contribute to a specific
goal in the processing of PII
1. Privacy Settings Layer
2. Identity and Access Management layer
3. PII processing layer
18
ISO’s and the GDPR
Privacy Framework: ISO 29101:2013
19
ISO’s and the GDPR
Privacy Framework: ISO 29101:2013
Privacy Settings Layer:
Communicate system privacy policy and privacy preferences to the
relevant actors:
• Identities of Controller and Processor
• Purpose of the collection
• Legal rights of the data subject/PII principal
• Identification of the PII
• Policies about transfer
• PET use
20
ISO’s and the GDPR
Privacy Framework: ISO 29101:2013
21
ISO’s and the GDPR
Privacy Framework: ISO 29101:2013
Identity and Access Management layer:
To identify the actors and their ICT systems and manage the related
identity information; how they access the PII:
• Manage the identities of the stakeholders
• Manage identities of actors
• Deliver info to other components
• Manage mappings in case of pseudonymization
22
ISO’s and the GDPR
Privacy Framework: ISO 29101:2013
23
ISO’s and the GDPR
Privacy Framework: ISO 29101:2013
PII processing layer:
To identify the actors and their ICT systems and manage the related
identity information; how they access the PII:
• PII collection and transfer
• PII processing and presentation
• Storing and archiving
• Auditing, logging and monitoring
24
ISO’s and the GDPR
Privacy Framework: ISO 29101:2013
25
ISO’s and the GDPR
Privacy Framework: ISO 29101:2013
26
ISO’s and the GDPR
Privacy Framework: ISO 29151:2017
Code of practice for PII protection
Extension of the ISO 27002 guidelines, in the same format
27
ISO’s and the GDPR
Privacy Framework: ISO 29151:2017
6 Organization of information security
6.1 Internal organization
6.1.1 Introduction
The objective specified in 6.1 of ISO/IEC 27002 applies.
6.1.2 Information security roles and responsibilities
Control 6.1.1 and the associated implementation guidance and other
information specified in ISO/IEC 27002 apply. The following additional guidance
also applies.
Implementation guidance for the protection of PII
Roles and responsibilities for the protection of PII need to be clearly defined,
properly documented and appropriately communicated. Specifically:
28
ISO’s and the GDPR
Privacy Framework: ISO 29151:2017
Implementation guidance for the protection of PII
Duties and area of responsibilities for PII protection should be independent of those for information
security. While recognizing the importance of information security for the protection of PII, it is
important that duties and area of responsibilities of the security and PII protection be as independent
of each other as possible. If necessary or helpful, in the interest of PII protection, coordination and
cooperation of those responsible for information security and for PII protection should be facilitated.
Organizations should adopt the principle of segregation of duties when assigning access rights for PII
processing, especially any processing identified as high risk.
Access to PII being processed and access to log files concerning that processing should be separate
duties.
Access to information concerning the collection of PII in order to respond to requests from PII
principals should be segregated from all other forms of access to PII. Access should be limited to
those whose duties include responding to PII principal requests.
Content of ISO 29151 can be added to the ISMS controls database
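The segregation-of-duties guidance quoted above, worked into a small policy check as an added example (not code from the slides, from PECB or from the standard). The duty names, the toy role table and the sample access requests are constructed assumptions for illustration:

```python
"""Segregation of duties for PII access, modelled on the ISO 29151 guidance:
access to PII being processed, access to the log files of that processing,
and access to collection information used to answer PII principal requests
are kept as separate duties. Added example; names below are assumptions."""
from dataclasses import dataclass
from enum import Enum


class Duty(Enum):
    PROCESS_PII = "process_pii"                  # access to PII being processed
    READ_PII_LOGS = "read_pii_logs"              # access to logs of that processing
    ANSWER_PII_PRINCIPAL = "answer_pii_principal"  # respond to data subject requests


# Duty pairs that the guidance says must not sit with the same person.
CONFLICTING_DUTIES = {
    frozenset({Duty.PROCESS_PII, Duty.READ_PII_LOGS}),
    frozenset({Duty.ANSWER_PII_PRINCIPAL, Duty.PROCESS_PII}),
    frozenset({Duty.ANSWER_PII_PRINCIPAL, Duty.READ_PII_LOGS}),
}

# Which duty a resource kind requires (constructed resource kinds).
RESOURCE_DUTY = {
    "pii_record": Duty.PROCESS_PII,
    "pii_processing_log": Duty.READ_PII_LOGS,
    "pii_collection_info": Duty.ANSWER_PII_PRINCIPAL,
}


@dataclass(frozen=True)
class Role:
    name: str
    duties: frozenset  # frozenset[Duty]


def role_conflicts(role: Role) -> list:
    """Return the conflicting duty pairs a single role combines, as sorted tuples."""
    return sorted(
        tuple(sorted(d.value for d in pair))
        for pair in CONFLICTING_DUTIES
        if pair <= role.duties
    )


def user_conflicts(user_roles: list) -> list:
    """Conflicts across all roles held by one user: a person can accumulate
    conflicting duties through several individually clean roles."""
    combined = frozenset().union(*(r.duties for r in user_roles))
    return role_conflicts(Role("combined", combined))


def authorize(user_roles: list, resource_kind: str) -> tuple:
    """Decide an access request. Fails closed: denied for unknown resource
    kinds, for users whose duty set violates segregation, and for users
    holding no role that grants the required duty."""
    required = RESOURCE_DUTY.get(resource_kind)
    if required is None:
        return False, f"unknown resource kind {resource_kind!r}"
    if user_conflicts(user_roles):
        return False, "user holds conflicting PII duties; access blocked pending review"
    if not any(required in r.duties for r in user_roles):
        return False, f"no role grants duty {required.value}"
    return True, f"granted via duty {required.value}"


# Constructed sample roles: each is clean on its own.
PII_PROCESSOR = Role("pii_processor", frozenset({Duty.PROCESS_PII}))
LOG_REVIEWER = Role("log_reviewer", frozenset({Duty.READ_PII_LOGS}))
DSAR_HANDLER = Role("dsar_handler", frozenset({Duty.ANSWER_PII_PRINCIPAL}))


if __name__ == "__main__":
    print(authorize([PII_PROCESSOR], "pii_record"))
    print(authorize([PII_PROCESSOR], "pii_processing_log"))
    # Two clean roles on one user combine into a conflict.
    print(user_conflicts([PII_PROCESSOR, LOG_REVIEWER]))
    print(authorize([PII_PROCESSOR, LOG_REVIEWER], "pii_record"))
```

Role-level checks catch a badly designed role; the user-level check is the one that matters in practice, because conflicts usually arise from role accumulation rather than from a single role.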
29
ISO’s and the GDPR
Incident handling: ISO 27035:2016 Principles
Data breach notification
30
ISO’s and the GDPR
Incident handling: ISO 27035:2016 Principles
Data breach notification
31
ISO’s and the GDPR
ISO 29134:2017 PIA
Privacy Impact Assessment
Criteria for performing a PIA differ from the GDPR.
In the GDPR the risk to the rights and freedoms of data subjects is central in the performance of the PIA.
CNIL.FR PIA method (PIAF) and software
Commission Nationale de l'Informatique et des Libertés
32
Privacy Impact Assessment
ISO’s and the GDPR
ISO 29134:2017 PIA
When: Recital 75
The risk to the rights and freedoms of natural persons, of varying likelihood and
severity, may result from personal data processing which could lead to physical,
material or non-material damage, in particular: where the processing may give rise
to discrimination, identity theft or fraud, financial loss, damage to the reputation,
loss of confidentiality of personal data protected by professional secrecy,
unauthorized reversal of pseudonymization, or any other significant economic or
social disadvantage; where data subjects might be deprived of their rights and
freedoms or prevented from exercising control over their personal data; where
personal data are processed which reveal racial or ethnic origin, political opinions,
religion or philosophical beliefs, trade union membership, and the processing of
genetic data, data concerning health or data concerning sex life or criminal
convictions and offences or related security measures; where personal aspects
are evaluated, in particular analyzing or predicting aspects concerning
performance at work, economic situation, health, personal preferences or
interests, reliability or behavior, location or movements, in order to create or use
personal profiles; where personal data of vulnerable natural persons, in particular
of children, are processed; or where processing involves a large amount of
personal data and affects a large number of data subjects.
33
ISO’s and the GDPR
ISO 29134:2017 PIA
Privacy Impact Assessment
34
ISO’s and the GDPR
Other ISO’s
ISO 27018 Outsourcing personal data to the cloud
ISO 31000 Integrated Risk Management
ISO 27005 Risk Management for Information Security
35
GDPR implementation
Are we there yet?
36
Data Protection Officer
ISO 29151: Chief Privacy Officer
Working Group 29 elaborations
Stronger definition in GDPR
37
Privacy by Design and by Default
Implementation in the non-functional requirements area of system design and system development
For newly designed systems
Planning for legacy systems: through change management
Figure: PbD2
38
Certification
EDPB Seal or PECB certification
How do we serve companies that operate in different locations within the EU?
Use ISO 17065 to develop a scheme in a "products and services" fashion that describes the GDPR.
PECB can own the scheme and train the auditors.
There is no need for local accreditation.
39
Questions?
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 

Recently uploaded (20)

mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini  Delhi NCR9953330565 Low Rate Call Girls In Rohini  Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 

Any Standard is Better Than None: GDPR and the ISO Standards

Slide transcript

1. GDPR and the ISO's
Frans van Gessel, Coördinator Information Security and Privacy MinEZK
Any standard is better than none

2. Meeting you, meeting me
Frans van Gessel
 I am working for the department of Economic Affairs in the Hague, now becoming two departments:
 Ministry of Economic Affairs and Climate
 Ministry of Agriculture, Nature and Food quality
 Responsible for first phase GDPR implementation
 PECB partner, trainer and auditor
 Duijnborgh auditor ISO 27001 and NEN 7510

3. This meeting
Contents
 Complaining about GDPR
 Auditors' view
 Implementers' view on ISO's
 Opportunity for PECB auditing

4. Introduction
Complaining
 So we have the GDPR since 2016
 It is not a standard, it is a law
 Fat fines for non-compliance
 Auditors' nightmare
 Comply or explain now becomes Complain

5. The flaws of GDPR
More complaining
 Political product disguised as a regulation
 Not concrete enough for compliance and auditing
 Too vague to translate into goals
 No management commitment, the buck stops at the Controller
 No dynamics, it's flat
 No PDCA, so risk of ticking the box

6. The GDPR and Self Regulation
GDPR:40
Codes of Conduct per category of Controllers, may be prepared by associations, to be approved by a DPA or the EDPB.
As of now, none is published on the EDPB site

7. The GDPR and Certification
GDPR:42, 43
 Data Protection Seals & Marks
 European Data Protection Seal
 Voluntary certification, encouraged by Member States
 ISO 17065 as the auditors' guidance, not 17021/19011
 So GDPR is considered to be a set of products and services

8. GDPR Data Protection by Design
GDPR:25
Still: "appropriate technical and organisational measures"
Such as pseudonymisation and data minimisation
A certification mechanism demonstrates compliance

9. The flaws of ISO 17065
 Products and services standard
 Conformity assessment
 Not too many auditors

10. GDPR as products and services
(Diagram) Elements: Supervisory Authority, Data Protection Officer, Privacy Impact Assessment, Binding Corporate Rules, PbD2, Records of processing, Controller, Processor, ISO 27001 ISMS, Data breach notification

11. How to use ISO's implementing GDPR
The Privacy Framework: ISO 29100
PECB Whitepaper on implementing a privacy network

12. ISO's and the GDPR
Privacy Framework: ISO 29100:2011
Principles: (figure)

13. ISO's and the GDPR
Privacy Framework: ISO 29100:2011 (figure)

14. ISO's and the GDPR
Privacy Framework: ISO 29100:2011 (figure)

15. ISO's and the GDPR
Privacy Framework: ISO 29101:2013
Provides overview and guidance for PII processing within the ISO 29100 framework

16. ISO's and the GDPR
Privacy Framework: ISO 29101:2013 (figure)

17. ISO's and the GDPR
Privacy Framework: ISO 29101:2013
Three Layers: each layer is a logical group of components that contribute to a specific goal in the processing of PII
1. Privacy Settings Layer
2. Identity and Access Management layer
3. PII processing layer

18. ISO's and the GDPR
Privacy Framework: ISO 29101:2013 (figure)

19. ISO's and the GDPR
Privacy Framework: ISO 29101:2013
Privacy Settings Layer: communicate system privacy policy and privacy preferences to the relevant actors:
• Identities of Controller and Processor
• Purpose of the collection
• Legal rights of the data subject/PII principal
• Identification of the PII
• Policies about transfer
• PET use

20. ISO's and the GDPR
Privacy Framework: ISO 29101:2013 (figure)

21. ISO's and the GDPR
Privacy Framework: ISO 29101:2013
Identity and Access Management layer: to identify the actors and their ICT systems and manage the related identity information; how they access the PII:
• Manage the identities of the stakeholders
• Manage identities of actors
• Deliver info to other components
• Manage mappings in case of pseudonymization

22. ISO's and the GDPR
Privacy Framework: ISO 29101:2013 (figure)

23. ISO's and the GDPR
Privacy Framework: ISO 29101:2013
PII processing layer: to identify the actors and their ICT systems and manage the related identity information; how they access the PII:
• PII collection and transfer
• PII processing and presentation
• Storing and archiving
• Auditing, logging and monitoring

24. ISO's and the GDPR
Privacy Framework: ISO 29101:2013 (figure)

25. ISO's and the GDPR
Privacy Framework: ISO 29101:2013 (figure)
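The split between the identity and access management layer (which "manages mappings in case of pseudonymization") and the PII processing layer, as an added worked example. This is not code from the slides or from ISO/IEC 29101; it is a toy model in which the processing layer holds only pseudonyms and purpose-bound attributes, and the IAM layer alone holds the keyed-hash key and the pseudonym-to-identifier mapping. The class names, the duty label `handle_principal_requests`, the sample people and the key are all constructed.

```python
"""Added example, not from the slides or from ISO/IEC 29101 itself: a toy model
of the layer split in which the PII processing layer holds only pseudonyms and
minimised attributes, while the identity and access management (IAM) layer
alone holds the keyed-hash key and the pseudonym-to-identifier mapping.
Names, records and the key are constructed."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple


class IdentityAccessLayer:
    """IAM layer (ISO 29101 layer 2): issues pseudonyms and manages the mapping."""

    def __init__(self, key: bytes) -> None:
        self._key = key                        # secret: never leaves this layer
        self._mapping: Dict[str, str] = {}     # pseudonym -> real identifier

    def pseudonymise(self, identifier: str) -> str:
        # A keyed hash (HMAC) rather than a bare hash: whoever only holds the
        # processing layer's data cannot rebuild pseudonyms from guessed
        # identifiers, so records cannot be linked back to people without the key.
        digest = hmac.new(self._key, identifier.encode(), hashlib.sha256).hexdigest()
        pseudonym = "p_" + digest[:16]
        self._mapping[pseudonym] = identifier
        return pseudonym

    def reidentify(self, pseudonym: str, actor_duties: Set[str]) -> str:
        # Reversal is its own duty, granted only to staff answering data subject
        # requests (the segregation ISO 29151 asks for); everyone else is refused.
        if "handle_principal_requests" not in actor_duties:
            raise PermissionError("re-identification requires the principal-request duty")
        return self._mapping[pseudonym]


class PiiProcessingLayer:
    """Processing layer (ISO 29101 layer 3): works on pseudonyms only."""

    def __init__(self) -> None:
        self.records: Dict[str, Dict[str, str]] = {}

    def store(self, pseudonym: str, attributes: Dict[str, str]) -> None:
        self.records[pseudonym] = dict(attributes)

    def count_by(self, attribute: str) -> Dict[str, int]:
        # A purpose-bound aggregate that needs no identity at all
        counts: Dict[str, int] = {}
        for rec in self.records.values():
            counts[rec[attribute]] = counts.get(rec[attribute], 0) + 1
        return counts

    def leaks_identifier(self, identifiers: Set[str]) -> bool:
        # Self-check: no raw identifier should appear anywhere in this layer
        blob = " ".join(self.records) + " " + " ".join(
            v for rec in self.records.values() for v in rec.values())
        return any(ident in blob for ident in identifiers)


# Constructed sample PII (not real people)
SAMPLE_PEOPLE = {
    "alice@example.org": {"age_band": "30-39", "region": "NL-NH"},
    "bob@example.org":   {"age_band": "40-49", "region": "NL-ZH"},
    "carol@example.org": {"age_band": "30-39", "region": "NL-NH"},
}


def build_layers(key: Optional[bytes] = None) -> Tuple[IdentityAccessLayer, PiiProcessingLayer]:
    """Wire the two layers: identifiers enter the IAM layer; only pseudonyms and
    minimised attributes reach the processing layer."""
    iam = IdentityAccessLayer(key or secrets.token_bytes(32))
    proc = PiiProcessingLayer()
    for identifier, attributes in SAMPLE_PEOPLE.items():
        proc.store(iam.pseudonymise(identifier), attributes)
    return iam, proc


if __name__ == "__main__":
    iam, proc = build_layers()
    print(proc.count_by("age_band"))
    pseud = iam.pseudonymise("alice@example.org")
    print(iam.reidentify(pseud, {"handle_principal_requests"}))
```

The design point is that a breach of the processing layer yields pseudonyms and coarse attributes only; re-identification needs both the mapping and an explicitly authorised duty, which is where data breach notification and the PIA risk reasoning of the later slides would hook in.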
26. ISO's and the GDPR
Privacy Framework: ISO 29151:2017
Codes of practice for PII protection
Extension of ISO 27002 guidelines and in the same format

27. ISO's and the GDPR
Privacy Framework: ISO 29151:2017
6 Organization of information security
6.1 Internal organization
6.1.1 Introduction
The objective specified in 6.1 of ISO/IEC 27002 applies.
6.1.2 Information security roles and responsibilities
Control 6.1.1 and the associated implementation guidance and other information specified in ISO/IEC 27002 apply. The following additional guidance also applies.
Implementation guidance for the protection of PII
Roles and responsibilities for the protection of PII need to be clearly defined, properly documented and appropriately communicated. Specifically:

28. ISO's and the GDPR
Privacy Framework: ISO 29151:2017
Implementation guidance for the protection of PII
Duties and area of responsibilities for PII protection should be independent of those for information security. While recognizing the importance of information security for the protection of PII, it is important that duties and area of responsibilities of the security and PII protection be as independent of each other as possible. If necessary or helpful, in the interest of PII protection, coordination and cooperation of those responsible for information security and for PII protection should be facilitated.
Organizations should adopt the principle of segregation of duties when assigning access rights for PII processing, especially any processing identified as high risk. Access to PII being processed and access to log files concerning that processing should be separate duties. Access to information concerning the collection of PII in order to respond to requests from PII principals should be segregated from all other forms of access to PII. Access should be limited to those whose duties include responding to PII principal requests.
Content of ISO 29151 can be added to the ISMS controls database
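The segregation-of-duties guidance quoted above, as an added worked example: a check over role assignments that flags any one person whose effective duties (including duties inherited through nested roles) combine a pair the guidance keeps apart. This is not code from the slides or from ISO/IEC 29151; the duty labels, the conflict pairs encoded from the quoted text, the roles and the staff names are all constructed, and a weak assignment is shown beside a corrected one.

```python
"""Added example, not from the slides or from ISO/IEC 29151: a segregation-of-
duties check over role assignments, encoding the conflicts the quoted guidance
names. Duty labels, roles and staff names are constructed for illustration."""
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Duties as labels (constructed)
PROCESS_PII = "process_pii"                              # works on PII in the processing layer
READ_PROCESSING_LOGS = "read_processing_logs"            # reads the logs of that processing
HANDLE_PRINCIPAL_REQUESTS = "handle_principal_requests"  # answers PII principal requests
PII_PROTECTION = "pii_protection"                        # PII protection responsibility
INFOSEC = "information_security"                         # information security responsibility

# Pairs one person must not hold together, taken from the guidance quoted above:
# PII access vs. its logs; principal-request handling vs. any other PII access;
# PII protection vs. information security responsibility.
CONFLICTS: Set[FrozenSet[str]] = {
    frozenset({PROCESS_PII, READ_PROCESSING_LOGS}),
    frozenset({HANDLE_PRINCIPAL_REQUESTS, PROCESS_PII}),
    frozenset({HANDLE_PRINCIPAL_REQUESTS, READ_PROCESSING_LOGS}),
    frozenset({PII_PROTECTION, INFOSEC}),
}


def effective_duties(roles: Dict[str, dict], role: str,
                     _seen: Optional[Set[str]] = None) -> Set[str]:
    """Duties of a role including everything inherited from parent roles (cycle-safe)."""
    seen = _seen if _seen is not None else set()
    if role in seen:
        return set()
    seen.add(role)
    spec = roles[role]
    duties = set(spec.get("duties", ()))
    for parent in spec.get("inherits", ()):
        duties |= effective_duties(roles, parent, seen)
    return duties


def find_violations(roles: Dict[str, dict],
                    assignments: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """Return (person, duty_a, duty_b) for every conflicting pair a person holds."""
    violations: List[Tuple[str, str, str]] = []
    for person, held in assignments.items():
        duties: Set[str] = set()
        for role in held:
            duties |= effective_duties(roles, role)
        for pair in CONFLICTS:
            if pair <= duties:
                a, b = sorted(pair)
                violations.append((person, a, b))
    return sorted(violations)


# Constructed role model; "senior_analyst" inherits a hidden conflict
ROLES = {
    "pii_analyst":      {"duties": {PROCESS_PII}},
    "log_reviewer":     {"duties": {READ_PROCESSING_LOGS}},
    "dsr_desk":         {"duties": {HANDLE_PRINCIPAL_REQUESTS}},
    "privacy_officer":  {"duties": {PII_PROTECTION}},
    "security_officer": {"duties": {INFOSEC}},
    "senior_analyst":   {"duties": set(), "inherits": ["pii_analyst", "log_reviewer"]},
}

# Weak assignment: each person combines duties the guidance keeps apart
WEAK_ASSIGNMENT = {
    "dana": ["senior_analyst"],                  # inherits PII access plus its logs
    "eve":  ["dsr_desk", "pii_analyst"],         # request handling mixed with other PII access
    "finn": ["privacy_officer", "security_officer"],
}

# Corrected assignment: conflicting duties moved to different people
CORRECTED_ASSIGNMENT = {
    "dana": ["pii_analyst"],
    "gus":  ["log_reviewer"],
    "eve":  ["dsr_desk"],
    "finn": ["privacy_officer"],
    "hana": ["security_officer"],
}

if __name__ == "__main__":
    for name, assignment in (("weak", WEAK_ASSIGNMENT), ("corrected", CORRECTED_ASSIGNMENT)):
        print(name, find_violations(ROLES, assignment))
```

Run against a real role model, the same check belongs in the ISMS controls database review the slide mentions: evaluate it whenever roles or assignments change, not only at audit time, since inherited roles are where conflicts hide.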
29. ISO's and the GDPR
Incident handling: ISO 27035:2016
Principles
Data breach notification

30. ISO's and the GDPR
Incident handling: ISO 27035:2016
Principles
Data breach notification (figure)

31. ISO's and the GDPR
ISO 29134:2017 PIA
Privacy Impact Assessment
Criteria for performing a PIA differ from GDPR. In GDPR the risk to the rights and freedoms of data subjects is central in the performance of the PIA
CNIL.FR PIA method (PIAF) and software
Commission Nationale de l'Informatique et des Libertés

32. Privacy Impact Assessment
ISO's and the GDPR
ISO 29134:2017 PIA
When: Recital 75
The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from personal data processing which could lead to physical, material or non-material damage, in particular:
• where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorized reversal of pseudonymization, or any other significant economic or social disadvantage;
• where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data;
• where personal data are processed which reveal racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, and the processing of genetic data, data concerning health or data concerning sex life or criminal convictions and offences or related security measures;
• where personal aspects are evaluated, in particular analyzing or predicting aspects concerning performance at work, economic situation, health, personal preferences or interests, reliability or behavior, location or movements, in order to create or use personal profiles;
• where personal data of vulnerable natural persons, in particular of children, are processed; or
• where processing involves a large amount of personal data and affects a large number of data subjects.

33. ISO's and the GDPR
ISO 29134:2017 PIA
Privacy Impact Assessment (figure)

34. ISO's and the GDPR
Other ISO's
 ISO 27018 Outsourcing personal data to the cloud
 ISO 31000 Integrated Risk Management
 ISO 27005 Risk Management for Information Security

36. Data Protection Officer
 ISO 29151: Chief Privacy Officer
 Working Group 29 elaborations
 Stronger definition in GDPR: Data Protection Officer

37. Privacy by Design and by Default
Implementation in the non-functional requirements area of system design and system development
 For newly designed systems
 Planning for legacy systems: through change management
PbD2

38. Certification
EDPB Seal or PECB certification
How do we serve companies that operate on different locations within the EU?
Using the ISO 17065 to develop a scheme in a "products and services" fashion that describes the GDPR
PECB can own the scheme and train the auditors. There is no need for local accreditation