
List of points needed for making infrastructure GDPR compliant

Guest user Created:   Nov 26, 2020 Last commented:   Nov 28, 2020


Is there a list of all the points you need to make infrastructure GDPR compliant?


Expert
Alessandra Nisticò Nov 28, 2020

It is not clear from your question if you refer to the company infrastructure concerning assets and organization or to the IT infrastructure. In general, there are different levels to consider from an infrastructure point of view.

The first is the privacy by design principle: your infrastructure project needs to consider GDPR requirements from the very beginning (what kind of data are going to be processed, for what purposes, how long data will be processed, who can access it, how data will be secured). The Data Processing Impact Assessment process can help you to focus on specific GDPR requirements and design the infrastructure accordingly.

Then the privacy by default principle: your infrastructure should be settled considering GDPR requirements at their strictest (i.e., setting data retention periods, defining the process to manage data subjects' rights, following the data minimization principle, which requires companies to collect and process only personal data which are necessary to reach the purpose for which they have been collected). Internal policies and the registry of data processing will help you.

Adopting security measures refers to all the organizational and technical processes to ensure security (i.e., internal policies on document access, on teleworking, on bring-your-own-device, or email security protocols, VPN, antivirus, antimalware, and so on).

The GDPR leaves the choice of the solutions which fit better to its own organization up to the controller. The balance is among the state of the art, the costs, the kind of personal data involved, and the threat to individuals' rights and freedoms arising from data processing, which may differ from the brick and mortar shop to the marketing agency which monitors the behavior of customers and runs targeted marketing campaigns.

Here you can find more information to start implementing GDPR:

To have a deeper idea of the list of requirements of GDPR, you can consider enrolling in our free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
