Do we need VPN to comply with GDPR?
From your experience, in order to be compliant with GDPR, do we need to have VPN for all employees?
Or is that to be ISO 270001 compliant?
No, you don’t need to have VPN for all employees in order to be GDPR or ISO 27001 compliant.
Regarding GDPR, you must take all necessary technical and organizational measures to ensure appropriate protection for the personal data you process, according to Article 32 GDPR - Security of processing, so deciding whether you need VPN for all employees should be done after evaluating all the risks towards data subjects.
Regarding ISO 27001, the process is similar - you have to assess the relevant risks for your sensitive information, and based on those risks, decide whether to use VPN.
Please also consult these links:
- Article 32 GDPR - Security of processing: https://advisera.com/gdpr/security-of-processing/
- Can the GDPR trigger better security in a company: https://advisera.com/articles/what-is-the-influence-of-the-gdpr-on-security/
Aug 06, 2023