Data Protection and GDPR / ISO 27701
The EU-GDPR was designed to give individuals back control over their personal information. It therefore significantly strengthens individuals’ rights against the organisations that process their data.
The EU-GDPR contributes to what is essential in a free economy and a free world: protecting the rights and freedoms of people. No one will question this basic acquired freedom.
But when it comes to assuring compliance, organisations find themselves facing a task that can become difficult. Manual systems are rarely easy to use.
Organisations need to be practical and methodical, and build usable data protection intelligence, in order to:
- assure and protect the rights and freedoms of “data subjects” (such as the “right to insight”, the “right to be forgotten”, ...)
- assure adequate measures to secure data processing operations that can pose risks to data subjects
- manage international aspects adequately (for instance when your organisation has data processed in countries that do not meet the adequacy criteria)
- assure the accessibility, accuracy and protection of data
- assure preparation for, response to and handling of “data breaches”
The new ISO/IEC 27701:2019, “Security techniques: Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management; Requirements and guidelines”, extends ISO/IEC 27001 and ISO/IEC 27002 and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS).