Determining necessary security measures
1) From the role of DPO in a Spanish company (a provider of Head Hunting and Personnel Search services) that has begun its adaptation to GDPR, how should the actions to be taken be planned in an orderly manner to determine the necessary security measures, which guarantee the rights of users (candidates who apply for Internet searches and through forms/questionnaires to be completed on the institutional website of the Spanish company) and also the security of the information in their personal data (sensitive because they have health data)?
2) Would there be a document or article published on the Internet that has a mapping between what is required by GDPR and what is recommended by good practices (ISO 27001, ISO 27701, ISO 27002, ISO 27018)?
1- From the role of DPO in a Spanish company (a provider of Head Hunting and Personnel Search services) that has begun its adaptation to GDPR, how should the actions to be taken be planned in an orderly manner to determine the necessary security measures, which guarantee the rights of users (candidates who apply for Internet searches and through forms/questionnaires to be completed on the institutional website of the Spanish company) and also the security of the information in their personal data (sensitive because they have health data)?
We have an EU GDPR Documentation Toolkit which is structured in a simple and intuitive way to help you drive your GDPR-Compliance project. You can start with the Project Plan, in the first Directory, and gather all the necessary information to fill in all the required documents. The toolkit also contains privacy notices templates that you can use to inform the candidates about how you process their personal data. Moreover, you also have Live Expert Support, should you require it.
On our website we also have resources that you can use; please consult these links as well:
- 9 steps for implementing GDPR: https://advisera.com/articles/9-steps-for-implementing-gdpr/
- A summary of 10 key GDPR requirements: https://advisera.com/eugdpracademy/knowledgebase/a-summary-of-10-key-gdpr-requirements
- EU GDPR Document Toolkit: https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/
2. Would there be a document or article published on the Internet that has a mapping between what is required by GDPR and what is recommended by good practices (ISO 27001, ISO 27701, ISO 27002, ISO 27018)?
We have a free webinar – How to integrate GDPR with ISO 27001 – which we offer for free; you can listen to the recording or join the next time it is live. We also have some free resources on our website; please consult these links as well:
- How an ISO 27001 expert can become a GDPR data protection officer: https://advisera.com/27001academy/blog/2020/01/20/iso-27001-practitioner-becoming-a-gdpr-data-protection-officer/
- What is EU GDPR and how can ISO 27001 help?: https://info.advisera.com/27001academy/free-download/what-is-eu-gdpr-and-how-can-iso-27001-help
- Relationship between ISO 27701, ISO 27001, and ISO 27002: https://advisera.com/27001academy/blog/2019/12/10/relationship-between-iso-27701-iso-27001-and-iso-27002/
- How to integrate GDPR with ISO 27001: https://advisera.com/eugdpracademy/webinar/how-to-integrate-gdpr-with-iso-27001-free-webinar-on-demand/
Sep 02, 2022