Three questions related to the implementation of GDPR&27001:
1. Which approach should be taken to the development of the Information Security Policy, taking into consideration that we already have three sources and three templates of this document?
- 04.1_Information_Security_Policy_Integrated_EN, which is included in the folder 04_General_Policies, part of the GDPR&27001 Toolkit
- Information Security Policy to be generated via Conformio
2. How should we approach the development of the remaining documents within the GDPR&27001 Toolkit, because they are integrated with GDPR and those on Conformio are not integrated with GDPR? As you already know, we should develop/achieve an integrated GDPR&27001 package of documents at the end of the day.
3. Given the fact that we don’t have the obligation to assign a Data Protection Officer and create it as a job title, what other role would you recommend – a Data Protection Controller’s representative, or would another approach be more suitable in order to comply with the requirements?