
Reproduction prohibited © Inveo 2018

Reg. 679/2017 (GDPR)
Reg. 765/2008

Accreditation standards and the areas they cover:

ISO 17020: Inspection
ISO 17021: Management systems (ISO 9001, ISO 14001, ISO 18001, ISO 27001, ISO 27701)
ISO 17024: Staff training
ISO 17025: Testing and calibration laboratories
ISO 17065: Product, process, services (ISDP 10003, Europrise)

Reproduction prohibited © Riccardo Giannetti 2019
Why ISO 17065:2012?
Recital 100

In order to improve transparency and compliance with this Regulation, the establishment of data protection certification mechanisms and seals and marks should be encouraged, as well as data protection marks enabling data subjects to quickly assess the level of data protection of the relevant products and services.


Why ISO 17065:2012?
Art. 43.1

Accreditation = EN-ISO/IEC 17065 + additional requirements (Guideline 4/2018, Annex 1)
Why ISO 17065:2012?

It does not establish requirements for schemes

It does not indicate how these should be developed

It does not aim to limit the role or choices of Scheme Owners


NON-SPECIFIC CERTIFICATION

SPECIFIC CERTIFICATION

CERTIFICATION out of scope of art. 42
NON-SPECIFIC CERTIFICATION:

• ISO 17021-1
• Ensures the company's ability to structure itself and manage resources and internal processes in order to meet the customers' needs
• Can be used as best practice
Non-specific certifications and guidelines under GDPR

GDPR (at the centre), surrounded by:
ISO 27701, ISO 27001, ISO 27018, ISO 29151, ISO 31000, ISO 19011, ISO 29134, ISO 17021-1, ISO 29100, ISO 22301, ISO 9001, ISO 25024, ISO 28590
ISO 17065 vs ISO 17021

PRIVACY (EU Reg. 2016/679): protection of "natural persons" with regard to the processing of personal data
ISO 27001 (ISMS): context of "business risks" of the overall organisation
GDPR vs ISO 27001

GDPR (article: description) vs ISO 27001 (paragraph: description)

Art. 1 (1): This Regulation lays down the rules relating to the protection of natural persons with regard to the processing of personal data and to the free movement of personal data.
§ 1: This standard is applicable to all types of organisations. This International Standard specifies the requirements to establish, implement… and improve a documented ISMS within a context of risks relating to the overall business of the organization.

Art. 4 (1): 'Personal data' means any information relating to an identified or identifiable natural person ('data subject')…
§ 3.1: "Good": anything of value to the organization.

Art. 24 (1): …the controller shall implement appropriate technical and organizational measures to ensure and be able to demonstrate that the processing is performed in accordance with this Regulation.
A.18.1.4 (Privacy and protection of personally identifiable information): Privacy and protection of personally identifiable information shall be ensured as required by relevant legislation and regulation.
SPECIFIC CERTIFICATION:
• ISO 17065
• Is a form of «direct assurance» where the direct correspondence of a product or a service with the applicable requirements is verified
• Transposition of the GDPR provisions (articles and recitals)
• Schemes are not pre-constituted
Specific certification for GDPR

Data protection certification mechanism

Specific (GDPR), ISO/IEC 17065:
  In scope, Art. 42: ISDP©10003, ©Europrise

Non specific, ISO/IEC 17021-1, out of scope:
  BS 10012, ISO 27001, ISO 27018, ISO 22301, ISO 27701, ISO 9001, ISO 20000

Out of GDPR:
  GOODPRIVACY, BV GDPR CERTIFICATION, JIPDEC, DPMS 44001, DPCO

Best practice: ISO guidelines (not certifiable)

• ISO 31000
• ISO 29100
• ISO 29134
• ISO 29151
• ISO 25024
• ISO 28590
What does it mean according to the GDPR?

Art. 43.1: CABs accreditation according to EN-ISO/IEC 17065 + Guideline 4/2018, Annex 1

Art. 42.5: Certification scheme written according to EN-ISO/IEC 17065 + Guideline 1/2018, Annex 2; certification mechanism (as at October 15th); approved according to Art. 42.5 (DPA or EDPB?)

Columns: Out of GDPR | Out of scope (Artt. 42-43 GDPR) | In scope (Artt. 42-43 GDPR, Annex 2…)

Schemes positioned across these columns: ISDP©10003, EuroPrise, BS 10012, ISO 27701, ISO 27001, ISO 9001, GOODPRIVACY, JIPDEC, BV GDPR certification
THANK YOU

Riccardo Giannetti
President, Osservatorio 679
Scheme manager, Inveo srl
r.giannetti@osservatorio679.org