Scribd Logo
Upload

Welcome to Scribd!

  • GDPR Security Framework

    Uploaded by

    Manju Devaraj
    8 views1 page
    The document outlines a 3-phase framework for organizations to achieve GDPR compliance: 1) Develop phase involves identifying stakeholders, allocating resources, inventorying data, and designating a data protection officer. 2) Implement phase is identifying gaps, developing a project plan, refining solutions, implementing breach procedures, testing controls, and developing an audit plan. 3) Improve phase is about continuous improvement, maintaining compliance efforts, and enhancing controls and customer service.

    Original Description:

    Original Title

    ISC2 - GDPR - Framework for Success

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document outlines a 3-phase framework for organizations to achieve GDPR compliance: 1) Develop phase involves identifying stakeholders, allocating resources, inventorying data, and designating a data protection officer. 2) Implement phase is identifying gaps, developing a project plan, refining solutions, implementing breach procedures, testing controls, and developing an audit plan. 3) Improve phase is about continuous improvement, maintaining compliance efforts, and enhancing controls and customer service.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    8 views1 page

    GDPR Security Framework

    Uploaded by

    Manju Devaraj
    The document outlines a 3-phase framework for organizations to achieve GDPR compliance: 1) Develop phase involves identifying stakeholders, allocating resources, inventorying data, and designating a data protection officer. 2) Implement phase is identifying gaps, developing a project plan, refining solutions, implementing breach procedures, testing controls, and developing an audit plan. 3) Improve phase is about continuous improvement, maintaining compliance efforts, and enhancing controls and customer service.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    GDPR for Security Professionals:

    Framework for Success


    Phase 1: Develop
    • Identify senior stakeholders and engage each business unit affected.
    • Allocate adequate resources to support implementation.
    • Inventory and analyze the personal data held across the organization.
    • Verify procedures to ensure they cover all rights EU individuals have under GDPR.
    • Review how consent is sought, obtained and recorded to determine if changes are needed.
    • Designate a DPO when processing involves specific data categories, personal data processing
    is large scale, and if processing these special types of personal data is core to your business.

    Phase 2: Implement
    • Identify gaps and develop project plan to meet the data protection requirements set forth by
    GDPR. Two areas identified as particularly adding to the heavy workload are data protection
    impact assessments (DPIA) and subject access requests (SAR). Companies need to scope out
    how they plan to do these, and they too are subject to a risk assessment/maturity roadmap
    process.
    • Refine the solutions necessary for improving data protection and ensuring adherence to
    requirements and regulations.
    • Implement procedures to detect, report and investigate personal data breaches.
    • Test, deploy, and QA all controls and solutions developed to achieve compliance.
    • Develop an internal GDPR audit plan.
    • Operationalize the efforts of monitoring all data protection controls created.
    Phase 3: Improve
    • Move into a state of continuous improvement.
    • Put GDPR efforts into maintenance/review/update mode.
    • Enhance controls and customer service to remain GDPR-compliant and build trust and value
    with customers.

    You might also like