What is GDPR?

The General Data Protection Regulation (GDPR) is Europe’s data privacy and security law. It imposes obligations on organizations anywhere in the world, so long as they target or collect data relating to persons in the European Union (EU).

Why is it Important?

The Right to Privacy

Legal definition: The right of a person to be free from intrusion into or publicity concerning matters of a personal nature.

Due to the growth of the internet and the need for privacy in the late 90s, Europe’s data protection authority declared that the EU needed “a comprehensive approach to personal data protection”.

Do you understand why it is important? Let’s look at a few of the Data Protection Principles.

Lawfulness, fairness, and transparency

We’ve all at one point had an awkward feeling that a site is invading our privacy by asking for too much of our personal information, right? To make it worse, there is no transparency and no clear justification as to why the data is needed and how it will benefit you in getting the best experience from the service. Huh!

“Processing must be lawful, fair, and transparent to the data subject (yourself).”

Purpose limitation

How sure are you that the data you provided will be used solely for the purpose justified by the Data Controller or Processor?

I am certain you’ve received messages asking you to participate in a competition, such as LUCKBOX, which you never subscribed to.

Data minimization

Do you know that an organization should only collect the data it actually needs from you?

Accountability

Would your favorite online shopping platform, or even your social media platform, take responsibility for your leaked information?

“Accountability breeds response-ability.”

Stephen R. Covey

Think about it this way: you have the power over your data.

What is ISO 27701?

ISO 27701 is an international standard that specifies requirements and provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS).

An organization wishing to implement and operate a Privacy Information Management System must already have an Information Security Management System (ISMS) in place, because a PIMS extends an ISMS.

ISO 27001 is the international standard that specifies requirements and provides guidance for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).

ISO 27701:2019 mapping to GDPR

ISO 27701:2019 (PIMS) contains Annex D, which gives an indicative mapping between the PIMS requirements and GDPR Articles 5 to 49, excluding Article 43, which concerns certification bodies.

However, the mapping is purely indicative: organizations remain responsible for assessing their own legal obligations and deciding how to comply with them.


You can also consider training in the areas of Data Privacy and Privacy Information Management Systems below:


Request a call back below, and our experts will guide you on how to implement and audit a Privacy Information Management System or how to comply with your local data privacy supervisory body.