Data Protection Management
QSEC® meets all requirements for an integrated data protection and information security management system (DIMS)!
The EU GDPR is already implemented in the following QSEC® modules:
- Compliance – the EU GDPR is integrated in the compliance module of QSEC® in the form of a catalogue containing all chapters and maturity assessment questions. In addition to the requirements of the established ISO standards (ISO/IEC 27001 ff., 27019 etc.), all necessary assessments can be performed against the EU GDPR.
- Information Assets – recording of procedures (business processes) and personal data (information). The classification criteria for information security (confidentiality, integrity, availability) have been extended with a data protection relevance criterion. The additional attributes required for data protection, such as data subjects, data categories, transfers to third countries, deletion periods, access authorizations and data protection impact assessment, are also recorded here.
- Risk Management – integration of data protection criteria into the risk assessment of all (IT) assets.
- Measures Management – evaluation, recording and implementation of all measures required to fulfil the TOMs (technical and organizational measures).
- Document Management – recording and administration of the contracts required by the EU GDPR (data processing agreements etc.). The contracts are linked to the respective procedures (business processes) and service providers. The standard criteria for contract evaluation can be changed at any time.
- Security Incident – recording of all data protection incidents. A security incident that is also a data protection incident is classified and reported as a data protection incident and, where applicable, as a data protection incident subject to mandatory notification.
- Master Data – Organization modelling, definition of the scopes and maintenance of all data protection officers.
- Dashboard / Reporting – all reports required for data protection are available in QSEC®. Many working reports are generated directly from the respective modules via Excel export.
With this integrated approach, the requirements of information security and data protection are met simultaneously without significant additional effort. Information security and data protection management together form a DIMS (Data Protection and Information Security Management System).
Within compliance: EU GDPR evaluation of articles with QSEC®
Data protection management system: recording and evaluation of personal data/information with QSEC®
Data protection management system – criteria evaluation in QSEC®
Data protection management system – assessment of the requirements of the EU GDPR for the business process/procedure