ISO 27000 Certification Helping Organizations in GDPR Compliance (R20b)
The information security management system as defined by ISO 27000 lays the foundation for data privacy. The Annex controls of the ISO 27000 standard provide the basic controls needed to build a secured system. ISO 27018 Annex A provides a set of additional controls and associated guidance intended to address PII protection requirements. Further, ISO/IEC 29100 details privacy principles that are similar to the principles of the GDPR.
In this session, the speaker will attempt to identify the controls that establish the basic infrastructure and framework for implementing the GDPR requirements. Some examples: network security enables the organization to protect data confidentiality, and cryptography enables the organization to protect data in transit and at rest. Access control restricts unauthorized access to the data. ISO 27018 control A.1.1, Obligation to co-operate regarding PII principals' rights, enables the data owner to access, correct and/or erase PII pertaining to them. This presentation will also help participants understand the basic requirements for becoming compliant with the GDPR. The author is a Certified Data Protection Officer from PECB.