Expert Advice Community

Risk assessment for GDPR

Guest user Created:   May 27, 2020 Last commented:   May 27, 2020

Hi Team,

I do have a question as part of our toolkit plan.

We have finished the risk assessment and treatment plan based on the 27001 approaches, which is asset-based.

In the webinar "How to integrate GDPR with ISO 27001" it was mentioned that a combined "Risk Assessment" for 27001 and GDPR is recommended.

My question is whether you have a template methodology that combines both approaches?
How do we need to augment our current 27001 methodologies & template to be GDPR compliant?
Our current risk register includes assets of type "Processes/Services", which map to processing activities.

To confirm, I am not speaking about DPIA, which is unique to GDPR.

Is there anything specific in GDPR that would require extending the methodology that is included in your 27001 templates?

Expert
Alessandra Nisticò May 27, 2020

"Hi Team,

I do have a question as part of our toolkit plan.
We have finished the risk assessment and treatment plan based on the 27001 approaches, which is asset-based.
In the webinar "How to integrate GDPR with ISO 27001" it was mentioned that a combined "Risk Assessment" for 27001 and GDPR is recommended.
My question is whether you have a template methodology that combines both approaches?"

The webinar does not recommend a combined risk assessment for ISO 27001 and GDPR. On the contrary, the webinar recommends doing the risk assessment for ISO 27001 and the DPIA for GDPR.

In fact, ISO 27001 is focused on information security and, as you said, is asset-based. GDPR focuses on the risks to the rights and freedoms of individuals arising from data processing, so the focus is on the data subject.

ISO 27001 risk assessment helps to implement GDPR requirements, but there is no template that combines both GDPR and ISO 27001 because they are different regulations and require different implementation.

In our EU GDPR & ISO 27001 Integrated Documentation Toolkit you can find a chart with the list of relevant documentation and with references to the mandatory requirements of both regulations. You bought the ISO 27001 Documentation Toolkit, so you can verify what documentation you need to implement in order to comply with GDPR requirements.

You can find this chart in the free demo of the EU GDPR & ISO 27001 Integrated Documentation Toolkit: https://advisera.com/eugdpracademy/eu-gdpr-iso-27001-integrated-documentation-toolkit/

"How do we need to augment our current 27001 methodologies & template to be GDPR compliant? Our current risk register includes assets of type "Processes/Services", which map to processing activities. To confirm, I am not speaking about DPIA, which is unique to GDPR."

As I said, the focus of the two regulations is slightly different, so ISO 27001 can help you to implement GDPR; however, implementing GDPR will require specific documentation. To comply with GDPR requirements you have to perform a DPIA, and there are templates in the GDPR Toolkit or in the ISO 27001 & GDPR Integrated Toolkit for that purpose.

"Is there anything specific in GDPR that would require extending the methodology that is included in your 27001 templates?"

You need to implement the data protection policy, data retention policy, employee data protection policy, privacy policies, and documentation which is specific to GDPR and is not covered by ISO 27001, like the inventory of processing activities according to the requirements of Article 30 GDPR, and eventually appointing a Data Protection Officer.

Here you can find our Toolkit to help you implement GDPR requirements.

Here you can find more information:

You may also consider enrolling in this online EU GDPR Foundations Course:
EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
