Data Protection Management according to GDPR – ISO 27701
The fundamental objective of data protection management in accordance with GDPR is to preventthe abuse of an individual’s personal data. Companies are facing the challenge of meeting the requirements of the GDPR whilst developing effective concepts for the protection
- of customer data,
- of employee data and
- for IT security
Especially the extensive documentation and verification obligations result in a complex implementation.
Companies / organizations have for example to,
- prove exactly which data is collected
- keep a register of processing activities (ROPA) according to Art. 30 EU-GDPR (formerly the register of procedures)
- comply with the extension of the rights of data subjects, by considering information obligations when collecting data
Here, it is recommended to establish a data protection management software like QSEC, which supports all data protection and information security management requirements.
In connection with information security management according to the requirements of ISO 27001, extended by ISO 27701 as a supplement to ISO 27002 In QSEC the following areas can be implemented:
- all requirements from the EU- GDPR be comfortably implemented
- all information considered, regardless of whether this data is in paper or digital form and whether it is personal or not
- the analysis of protection needs and risk assessment, including the resulting measures to address data protection risks, are methodically implemented
- the data protection impact assessment (DPIA) according to Art. 35 EU-GDPR
- ensuring the confidentiality, integrity, availability and robustness of IT systems and services are implemented in relation to data processing
- the maturity assessment (actual/target comparison) of the existing data protection activities can be performed
- the complete and audit-proof documentation of all data protection and information security activities, e.g.
- keeping a register of processing activities (ROPA)
- Instruction for order processing, with all AV contracts and the service providers per business process,
- Reporting of data protection incidents
Information security and data protection in one solution: with QSEC®