Expert Advice Community

ISO 27018 and EU GDPR

Guest user  Created: Sep 23, 2016  Last commented: Sep 23, 2016


Concerning a data protection policy according to the EU GDPR: while formal ISO 27018 certification is not a goal (the goal is to go for 27001, but bring in parts of 27018 as appropriate), can portions of 27018 help to better formulate this policy?

Expert
Rhand Leal Sep 23, 2016

Answer:
The thought of going for ISO 27001 certification while bringing in some parts of ISO 27018 is the correct one, since ISO 27018 is not certifiable.

Concerning the EU GDPR, ISO 27018 can really help to accomplish compliance, mainly with Chapter IV:

Chapter II (principles): basic orientation for the application of controls.
Chapter III (rights of the data subject): ISO 27018 clauses can be applied in terms of service.
Chapter IV (controller and processor): controls and procedures can make use of ISO 27018 recommendations. Clause 32 is of special interest.
Chapter V (transfer of personal data to third countries or international organisations): ISO 27018 clauses can be applied in terms of service.
Chapter VI (independent supervisory authorities): ISO 27018 clauses can be applied in terms of service.
Chapter VII (cooperation and consistency): ISO 27018 clauses can be applied in terms of service.
Chapter IX (specific data processing situations): controls and procedures can make use of ISO 27018 recommendations.
