Expert Advice Community

Guest user. Created: Apr 17, 2021. Last commented: Apr 17, 2021

GDPR vs 27001

Can you please explain to me briefly how to perform the risk assessment for biometric data (GDPR), using a computer, one employee and a biometric reader (ISO 27001)?


Expert
Rhand Leal Apr 17, 2021

First, it is important to note that using ISO 27001 is not mandatory for fulfilling GDPR requirements. To perform a risk assessment, you can use any approach your organization sees fit for its purpose.

Additionally, ISO 27001 does not prescribe any method for performing risk assessment; it only defines requirements to be fulfilled by the adopted risk assessment process.

Considering that the purpose of GDPR is the protection of personal information from being accessed, modified, or destroyed in an uncontrolled manner, examples of risk assessment considering the elements you mentioned are:
- an unattended computer storing biometric data can be stolen or invaded
- an untrained employee can inadvertently delete biometric data
- a biometric reader can fail during a data-gathering session

This material will also help you regarding risk management:
- ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-risk-management-in-plain-english/

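As an added illustration (editor's example, not code from the expert or from Advisera), the following Python script turns the three scenarios above into a small risk register and applies the scoring logic an ISO 27001 risk assessment needs but the standard does not prescribe. The 1 to 5 likelihood and impact scales, the likelihood × impact risk level and the acceptance threshold of 6 are all assumptions chosen for the example; the scores assigned to each scenario are constructed and illustrative only.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Assumed scales: ISO 27001 does not prescribe them, so an organization picks
# its own. Here both likelihood and impact run from 1 (lowest) to 5 (highest)
# and the risk level is their product (1..25). The acceptance threshold is also
# an assumption: any risk scoring above it must be treated.
SCALE_MIN, SCALE_MAX = 1, 5
ACCEPTABLE_RISK = 6


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: int  # how probable it is that the threat exploits the vulnerability
    impact: int      # consequence for the biometric data (confidentiality, integrity, availability)

    def __post_init__(self) -> None:
        # Reject scores outside the agreed scale so a register cannot silently
        # carry a typo such as 0 or 50.
        for name in ("likelihood", "impact"):
            value = getattr(self, name)
            if not SCALE_MIN <= value <= SCALE_MAX:
                raise ValueError(f"{name} must be within {SCALE_MIN}..{SCALE_MAX}, got {value}")

    def level(self) -> int:
        """Risk level = likelihood x impact (a common ISO 27005-style scoring)."""
        return self.likelihood * self.impact


def assess(register: List[Risk], acceptable: int = ACCEPTABLE_RISK) -> Tuple[List[Risk], List[Risk]]:
    """Split a register into risks needing treatment (highest level first) and accepted risks."""
    treat = sorted((r for r in register if r.level() > acceptable), key=Risk.level, reverse=True)
    accept = [r for r in register if r.level() <= acceptable]
    return treat, accept


# Constructed register built from the three scenarios in the answer above; the
# scores are illustrative, not a recommendation for any real deployment.
REGISTER = [
    Risk("Computer storing biometric data", "Theft or intrusion",
         "Left unattended; local disk not encrypted", likelihood=3, impact=5),
    Risk("Biometric data records", "Accidental deletion",
         "Employee not trained in the handling procedure", likelihood=3, impact=4),
    Risk("Biometric reader", "Device failure during a data-gathering session",
         "No spare device and no maintenance contract", likelihood=2, impact=2),
]


def report(register: List[Risk] = REGISTER, acceptable: int = ACCEPTABLE_RISK) -> List[str]:
    """Return one line per risk with its score and the decision taken, treated risks first."""
    treat, accept = assess(register, acceptable)
    lines = [f"{r.level():>2}  TREAT   {r.asset}: {r.threat} ({r.vulnerability})" for r in treat]
    lines += [f"{r.level():>2}  ACCEPT  {r.asset}: {r.threat} ({r.vulnerability})" for r in accept]
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

Running the script lists the stolen or intruded computer (level 15) and the accidental deletion (level 12) as risks to treat, while the reader failure (level 4) falls under the threshold and is accepted. The scale values and the threshold are exactly the things ISO 27001 leaves to the organization, so they should be documented in the risk assessment methodology before the register is filled in.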