GDPR vs ISO27001 en

Not enough

| | GDPR | ISO 27001 |
|---|---|---|
| PURPOSE | To protect fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data | To define, implement, maintain and continuously improve an Information Security Management System |
| SCOPE | Applies to the processing of all personal data in an organisation | Information in the organisation's Information System |
| SECURITY MEASURES | Depend on the impact that unauthorised or unlawful processing, loss, destruction or damage of personal data can have on the data subject | Depend on the value of the data to the organisation |
| LAWFULNESS, FAIRNESS, TRANSPARENCY | Data are processed lawfully, fairly and in a transparent manner in relation to the data subject | Data are processed as prescribed by the organisation's own internal procedures |
| PURPOSE LIMITATION | Data are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes | No prescription |
| DATA MINIMISATION | Data collection is limited to what is necessary in relation to the purposes for which the data are processed | No prescription |
| ACCURACY | Personal data must be accurate and, where necessary, kept up to date | No prescription |
| STORAGE LIMITATION | For no longer than is necessary for the purposes for which the personal data are processed | No prescription |
| INTEGRITY | Ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage | Evaluates and treats information security risks according to the needs of the organisation |
| RESPONSIBILITY OF CONTROLLER | The controller is responsible and able to demonstrate compliance with GDPR | No prescription |
| ACCOUNTABILITY | Fines up to 20M€ or up to 4% of global revenue | No prescription |
| CERTIFICATION | Certification body complies with ISO/IEC 17065 (products, processes, services) | Certification body complies with ISO/IEC 17021 (management systems) |

©2018 W. Vannini ipse@waltervannini.it v0.1