Cum pot influenţa standardele ISO/IEC 27001:2013 şi ISO/IEC 27701:2019 procesul de obţinere a conformităţii GDPR
The Influence of the Standards ISO/IEC 27001:2013 and ISO/IEC 27701:2019 upon the achievement of the GDPR Compliance
Author(s): Marius Dumitrescu
Subject(s): Law, Constitution, Jurisprudence, Civil Law
Published by: Universul Juridic
Keywords: compliance; ISO standards; GDPR principles; certification mechanism
Summary/Abstract: The implementation of ISO/IEC 27701 and 27001 allows operators to comply with the requirements of the GDPR and other legal provisions on data privacy and security of information and to demonstrate that they have implemented "appropriate technical and organizational measures" to protect the personal data they process and respect the rights of data subjects. Given that "data protection" appears in its name, the General Data Protection Regulation (GDPR) is as concerned about data privacy as the ISO/IEC international standards. However, this Regulation does not include guidance on how to meet its requirements. This can be explained as a measure to prevent GDPR from becoming obsolete as best practices evolve and new technologies become available every day. Article 42 of the GDPR allows for the establishment of data protection certification mechanisms to enable organizations to demonstrate compliance – and there are many reasons why ISO 27701:2019 could provide this, given that it is an internationally recognized standard, that it extends an information security standard already widely used, and that organizations can be certified to the standard by recognized auditors. The implementation of the controls from the ISO/IEC standards creates the premises for eliminating the situations in which sanctions are applied in the form of a warning, fine or measures for violation of art. 32 of the Regulation.
Journal: Revista română pentru protecţia şi securitatea datelor cu caracter personal
- Issue Year: 2020
- Issue No: 03
- Page Range: 79-103
- Page Count: 25
- Language: Romanian
- Content File-PDF
