{"id":445744,"date":"2024-10-20T08:43:20","date_gmt":"2024-10-20T08:43:20","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-177992023\/"},"modified":"2024-10-26T16:14:36","modified_gmt":"2024-10-26T16:14:36","slug":"bs-en-177992023","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-177992023\/","title":{"rendered":"BS EN 17799:2023"},"content":{"rendered":"
This document specifies baseline requirements for demonstrating the compliance of processing activities with the European personal data protection normative framework in accordance with EN ISO\/IEC 17065. It does not, however, apply to products or management systems destined for processing personal data. This document is applicable to all organizations which, as personal data controllers and\/or processors, process personal data, and its objective is to provide a set of requirements enabling such organizations to conform effectively with the European personal data protection normative framework. An organization can decide that the standard is applicable only to a specific subset of its processing activities if such a decision does not involve failure to conform with the European personal data protection normative framework. This document also provides indications for conformity assessment with the aforementioned requirements.<\/p>\n
PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
---|---|---|---|---|---|---|---|
8<\/td>\n | 1 Scope 2 Normative references 3 Terms and definitions <\/td>\n<\/tr>\n | ||||||
9<\/td>\n | 4 Overview 5 Planning 5.1 General 5.2 Understanding the needs and expectations of interested parties 5.3 Scope of personal data processing activities 5.3.1 General <\/td>\n<\/tr>\n | ||||||
10<\/td>\n | 5.3.2 Records of data processing activities 5.3.3 Identification of the legal basis <\/td>\n<\/tr>\n | ||||||
11<\/td>\n | 5.3.4 Data minimization 5.3.5 Retention periods 5.4 Policy for personal data protection <\/td>\n<\/tr>\n | ||||||
12<\/td>\n | 5.5 Roles and responsibilities 5.5.1 General <\/td>\n<\/tr>\n | ||||||
13<\/td>\n | 5.5.2 Internal roles 5.5.2.1 Data protection manager 5.5.2.2 Data protection officer 5.5.2.3 Persons authorized to process personal data 5.5.3 External roles 5.5.3.1 Processors <\/td>\n<\/tr>\n | ||||||
14<\/td>\n | 5.6 Risk management 5.6.1 General 5.6.2 Data protection risk assessment and impact analysis <\/td>\n<\/tr>\n | ||||||
15<\/td>\n | 5.6.3 Evaluation of the impact on data protection <\/td>\n<\/tr>\n | ||||||
16<\/td>\n | 5.6.4 Risk treatment and treatment plan 5.7 Personal data protection by design and by default <\/td>\n<\/tr>\n | ||||||
17<\/td>\n | 6 Operational activities 6.1 General 6.2 Data protection notices and consent 6.2.1 Data protection notices 6.2.2 Consent <\/td>\n<\/tr>\n | ||||||
18<\/td>\n | 6.3 Update of roles 6.4 Personal data protection 6.4.1 Erasure of data 6.4.2 Implementation and maintenance of security measures <\/td>\n<\/tr>\n | ||||||
19<\/td>\n | 6.4.3 Management of personal data breaches <\/td>\n<\/tr>\n | ||||||
20<\/td>\n | 6.5 Data subjects\u2019 requests for the application of their rights 6.5.1 General 6.5.2 Data access 6.5.3 Correction <\/td>\n<\/tr>\n | ||||||
21<\/td>\n | 6.5.4 Erasure 6.5.5 Restriction of processing 6.5.6 Data portability 6.5.7 Objections <\/td>\n<\/tr>\n | ||||||
22<\/td>\n | 6.5.8 Automated decisions, including profiling 6.5.9 Complaints and appeals 6.6 Training and awareness 7 Control 7.1 General 7.2 Internal audits <\/td>\n<\/tr>\n | ||||||
23<\/td>\n | 7.3 Periodical report <\/td>\n<\/tr>\n | ||||||
24<\/td>\n | 7.4 Nonconformities and corrective actions <\/td>\n<\/tr>\n | ||||||
25<\/td>\n | Annex A (informative) Controllers and processors requirements mapping <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Personal data protection requirements for processing operations<\/b><\/p>\n |