Good news for those who are striving to adapt their corporate procedures to the new European General Data Protection Regulation, better known as GDPR. ENISA (the European Union Agency for Network and Information Security), one of the most important and established organisations in the field of network and information security, has recently published a very useful practical handbook entirely dedicated to the security of personal data processing from a GDPR perspective.
The main purpose of the document is to provide practical demonstrations of the correct interpretation and implementation of the methodological steps set out in the ENISA guidelines for SMEs on the security of personal data processing. The handbook is accompanied by numerous examples and specific use cases covering operations common to all SMEs, making it an excellent starting point for planning the activities needed to bring all company procedures into line with GDPR.
Of particular interest to Project Managers, Privacy Specialists and DPOs is Annex A, which very effectively summarises the ISO/IEC 27002 controls that fall within the specific scope of GDPR. The tables present the measures grouped by level of risk (low: green, medium: yellow, high: red). To achieve scalability, all measures listed under the low level (green) are assumed to apply at all levels; those listed under the medium level (yellow) also apply at the high level of risk; and those listed under the high level (red) do not apply to any other level of risk.
The manual, entirely in English, is available for free download directly on the ENISA website or by clicking on the button below.
Enjoy the reading!
UPDATE: ENISA has recently published a second document that examines the security and privacy impact of the main mobile apps, which is also particularly valuable for GDPR purposes. For more information and links to the free download, read here.