EU GDPR and EU ePrivacy Regulation Compliance Improvement and Certification
Introduction
Following the implementation of personal data protection acts worldwide and the EU-US Privacy Shield Framework between the United States and the European Union, the EU General Data Protection Regulation (EU GDPR) has been enforced by the European Union since May 25, 2018; it requires organizations to protect personal data.
Therefore, the organization must establish a systematic management mechanism (for example BS 10012, a Personal Information Management System (PIMS), or ISO/IEC 27701, a Privacy Information Management System) to comply with the regulation and with the data protection principles required by GDPR Article 5, for example the appointment of dedicated personnel responsible for personal data inventory, education and training, communication, notification, data protection, and control measures (for example, integration with ISO 27001 information security management and ISO 22301 business continuity management).
To demonstrate compliance, the organization shall take the following regulations into consideration:
- REGULATION (EU) 2016/679 - EU GDPR (General Data Protection Regulation)
- DIRECTIVE (EU) 2016/680 - criminal offences or the execution of criminal penalties
- Regulation on "Privacy and Electronic Communications"
- EU Cybersecurity Act
Who should apply?
This is intended for those organizations that have been requested to comply with EU GDPR.
- Personal data controllers and processors;
- IT or web-based service providers, IT product developers and manufacturers;
- "Smart"-based service providers;
- Service, supply chain and outsourcing providers.
Service objectives
- Demonstrate that personal data processes comply with EU GDPR's personal data processing principles;
- Demonstrate technical compliance with EU GDPR's requirements, e.g. encryption and access control.
Service benefits
- Demonstrate EU GDPR compliance through Trusted Site Privacy Certification.
- Improve the overall understanding of EU GDPR and data protection compliance requirements.
- Identify the opportunity for improvements in personal data protection in the organization.
Service outline
| Description | |
|---|---|
| Purpose: | Assess the feasibility and preliminary scope for EU GDPR certification |
| Time and resource estimate: | 3 ~ 5 days |
| Activities: | |
| Deliverables: | |

| Description | |
|---|---|
| Purpose: | Improve the identified deficiencies |
| Time and resource estimate: | 1 ~ 3 months |
| Activities: | |
| Deliverables: | |

| Description | |
|---|---|
| Purpose: | Verify and validate the EU GDPR compliance improvements |
| Time and resource estimate: | 3 ~ 5 days |
| Activities: | |
| Deliverables: | |

| Description | |
|---|---|
| Purpose: | Demonstrate EU GDPR compliance |
| Time and resource estimate: | 1 month |
| Activities: | |
| Deliverables: | |
Organizational information
- The time and resources depend on the complexity of the personal data processing processes and/or product.
- The client should prepare the following documents for the service discussion:
  - Product or service catalog, user manual, use cases/scenarios;
  - Security functionality, architecture, and specification;
  - Security technologies adopted, e.g.
    - Cryptographic algorithms;
    - Security/session key management;
    - Supporting software, hardware, and firmware.
- This service is provided in collaboration with the ICT Security Evaluation Laboratory in Germany.
Service contact e-mail
Please contact us for more information or support: info@tksg.global