
  • Supervisory Authorities

    - Reported Data Breach
    - Assistance when DPIA outcome flags a high risk
    Basically, how can the ICO (in the UK) help in case of a data breach (e.g. ransomware), or what is the ICO's approach to assisting with DPIAs that have been flagged as high risk?

    Answer:

    In case of a data breach it is highly unlikely that the SA will help you with anything, since it is not their job to do so. Most likely they will assess if your security measures were appropriate and, if not, they may decide to issue a fine.

    As regards the DPIAs: if a DPIA carried out by a controller indicates that an envisaged processing would result in a high risk in the absence of risk-mitigating measures taken by the controller, the controller shall consult the SA prior to the processing. Recital 94 seems to slightly soften this requirement by providing that a consultation might not be required if the controller is of the opinion that the identified risk can be mitigated by reasonable means in terms of available technologies and costs of implementation. If the SA considers that the processing in question would infringe the GDPR, the SA should respond to such requests within eight weeks. However, the eight-week period may be extended by six weeks in complex matters and may also be indefinitely suspended until the SA has obtained all information requested for the purposes of a consultation. Consequently, the consultation process may take considerably longer than the projected eight-week period. Further, Recital 94 clarifies that a lack of response from an SA within the defined period will not preclude an SA from exercising its powers, such as the power to prohibit processing operations. Hence, a lack of response to a consultation request does not confirm that an envisaged processing is GDPR-compliant, nor does it mean that SAs will not take action against such processing. This might lead to considerable uncertainties in practice.

    To learn more about Supervisory Authorities check out our webinar “What to expect from Data Protection Authorities under GDPR” https://advisera.com/eugdpracademy/webinar/what-to-expect-from-data-protection-authorities-under-gdpr-free-webinar-on-demand/
  • Acquiring auditor experience


    Answer: The best option would be for you to find a mentor in your organization's audit team, not necessarily in ISO 27001, but in audit methods and techniques (of course, if he/she masters ISO 27001, even better). By becoming part of his/her audit team you can start getting experience. If such a person is not available in your organization, then you should search for them in professional social networks or websites (people recognized by their peers as good coaches/mentors). With this second option you should take care when sharing information (focus on the general situation without details). Another alternative is to try to contact certification bodies and ask if you can participate as a trainee in their audits (this alternative is not always available).

    This article will provide you further explanation about becoming an auditor:
    - How to become ISO 27001 Lead Auditor https://advisera.com/27001academy/knowledgebase/how-to-become-iso-27001-lead-auditor/
  • Exclusions vs non-applicability


    Answer:

    ISO 9001:2015 does not allow exclusions. If design clause is not applicable you only need to state that it is not applicable.

    The following material will provide you information about the scope:

    - ISO 9001 – What clauses can be excluded in ISO 9001:2015? – https://advisera.com/9001academy/blog/2015/07/07/what-clauses-can-be-excluded-in-iso-90012015/2015/
    - How to define the scope of the QMS according to ISO 9001:2015 – https://advisera.com/9001academy/knowledgebase/how-to-write-good-quality-objectives/
    - free online training ISO 9001:2015 Foundations Course – https://advisera.com/training/iso-9001-foundations-course/
    - book – Discover ISO 9001:2015 Through Practical Examples – https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
  • Flowcharts in ISO 9001


    Answer:

    This whitepaper can help you create a flowchart for ISO 9001:

    - How to create an ISO 9001 process flowchart (available in English): https://info.advisera.com/9001academy/free-download/how-to-create-an-iso-9001-process-flowchart

    In addition, these materials will help you with the implementation of ISO 9001:

    - Book - Discover ISO 9001:2015 Through Practical Examples (available in English): https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
  • Notification to data subject


    Answer:

    According to the EU GDPR art. 13 – “Information to be provided where personal data are collected from the data subject” (https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/), the privacy notice should include information about cross-border transfers or using a third-party processor, and it should be provided to the data subject “at the time when personal data are obtained”, so it should be, at least for new processing activities, before the actual transfer.

    To find out more about privacy notices check out our webinar “Privacy Notices Under the EU GDPR” https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/
  • Data Subject Rights under the EU GDPR


    Answer:

    The documents can be used to deal with all DSARs not only the right of access to personal data. There is no need for different processes or procedures to be set in place.

    To find out more about DSARs please check out our webinar “Data Subject Rights under the EU GDPR” https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/
  • Template for geolocation data


    Answer:

    The EU GDPR Documentation Toolkit contains a draft “Privacy Notice” that you need to provide to the data subjects whose data are being processed, regardless of whether you process CCTV footage or geolocation data. The same rules set up by article 13 – “Information to be provided where personal data are collected from the data subject” https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/ apply.

    To find out more about privacy notices check out webinar “Privacy Notices under the EU GDPR” https://advisera.com/eugdpracademy/webinar/privacy-notices-under-the-eu-gdpr-free-webinar-on-demand/
  • BCMS scope

    You can always send your doubts to our Free Consultation Page at this link: https://advisera.com/27001academy/consultation/

    From there, not only me but other ISO 22301 experts can help you with your project.

    To make your effort easier and have access to even more specialized support, I suggest you take a look at our ISO 22301 implementation toolkit at this link: https://advisera.com/27001academy/iso22301-documentation-toolkit/
  • Where to start from


    Answer:

    Usually you would start the implementation effort as any other project, and you will find our article “9 steps for implementing GDPR” https://advisera.com/articles/9-steps-for-implementing-gdpr/ quite helpful in pointing you in the right direction.
  • Creating a process map


    Answer:

    You can include subprocesses in your process map; for example, a very complex process can be divided into two or more less complex processes, so it is recommended to first identify the macroprocesses, then the processes and finally the subprocesses. Just make sure that your process map represents the sequence and interactions of your organization's processes simply and effectively. Also keep in mind that a process map should not be so complex that your employees cannot understand it.

    For more information on the process approach, see - ISO 9001: The importance of the process approach (available in English): https://advisera.com/9001academy/blog/2015/12/01/iso-9001-the-importance-of-the-process-approach/

    These materials can also help you with the implementation of ISO 9001:2015:

    - Book "Discover ISO 9001:2015 Through Practical Examples" (available in English): https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/
    - ISO 9001:2015 Foundations Course: https://advisera.com/es/formacion/curso-fundamentos-iso-9001/
    - Conformio - Online compliance tool: https://advisera.com/conformio/