Technological changes and globalisation have dramatically changed the way personal data are processed. It takes time to understand the legal bases for data processing, auditing and confidentiality rules, and it cannot be easily verified that people’s personal data are processed legally. Using a model for compliance with GDPR requirements turns data controllers from mere consumers of consultancy services into managers of the privacy protection system. ISO 27552 is the upgrade which gives the information security system a completely new status, transforming it into a privacy protection system.
Tzanko Tzolov
Member of the Commision for Personal Data Protection
Sofia, Bulgaria
e-mail: tzolov@cpdp.bg
Abstract:
Key words:
GDPR
ISO 27552
model
PIMS
Business Analysis