WIMMA Lab 2021 / Core
Commit 4f2d8256 authored 4 years ago by Marko Rintamäki
Add new file
parent
27caed9b
Pipeline #405133 passed 4 years ago
Stage: test
Stage: deploy
docs/90-Quality-and-support/library/gdpr-and-security.md
+45
-0
45 additions, 0 deletions
docs/90-Quality-and-support/library/gdpr-and-security.md
0 → 100644
Source : European data protection, Law and Practise, second edition 2019. An IAPP Publication.
So, what can data protection professionals do to put their organisations in the best
position possible? Where should they look to understand the meaning of ‘appropriate
technical and organisational measures’? As well as consulting with their internal
security professionals about the nature of the security threats and risks and the nature
of the response strategy, they can seek to familiarise themselves with some of the key
pieces of readily available learning. Fruitful areas for review include:
• Related pieces of the legislative framework that contain security provisions,
such as the NIS Directive, the ePrivacy Directive, the Cybercrime Directive
and the Payment Services Directive No. 2.14
• The output of institutions, such as WP29, the European Data Protection
Supervisor and the European Union Agency for Network and Information
Security.
• The output of security centres of excellence, such as the National Cyber
Security Centre in the UK.
• Policy frameworks of national governments, such as national cybersecurity
plans.
• Regulatory policy statements and other guidance issued by the national data
protection regulators and by sector regulators.
• Decisions in regulatory enforcement actions brought by the national data
protection regulators and related regulators.
• Decisions of courts and tribunals in related areas.
• National and international standards for best practice, such as the ISO 27000
series, the Payment Card Industry Data Security Standard, CBEST and the
NIST framework.
• Threat assessment reports and subject ma!er white papers published by IT
security companies and security consultants.
• The output of relevant professional associations and a'nity groups. There
are many operating in the space, such as the Cloud Security Alliance and the
Information Security Forum.
This list is not exhaustive, but it should give the data protection professional a fairly
good impression of the range of available resources in determining an appropriate level
of security.
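Review bot: The added excerpt carries PDF extraction errors that should be fixed before merge: "subject ma!er white papers" and "a'nity groups" have lost their ligatures (matter, affinity), and in "Payment Services Directive No. 2.14" the trailing 14 looks like the book's footnote marker fused onto the directive number. The file is Markdown, but the text uses hard-wrapped lines and "•" bullets with no list or quote markup, so it will render as one run-on paragraph; suggest `-` list items and a `>` blockquote so the passage is clearly marked as a verbatim quotation. The "Source :" line would also benefit from a page or chapter reference, and the spelling "Practise" in the title is worth checking against the publication.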