Answer:
The requirement you refer to is meant to be complied with by the data processor that is processing personal data on your behalf, so any of your processors would need to have at least a security policy in place to protect personal data. Of course, a supplier can have a whole security framework in place with a multitude of documents.
As for your own security setup, you can find a couple of security-related policies in folder 8 of our EU GDPR implementation toolkit https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/, from which you can choose which is most relevant in terms of your business activities. I can also warmly recommend ISO 27001 as a good example of a security framework.
You can find out more about ISO 27001 and the EU GDPR in our article “Does ISO 27001 implementation satisfy EU GDPR requirements?” here: https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/
Jan 11, 2018