Authors
Vasiliki Diamantopoulou, Aggeliki Tsohou, Maria Karyda
Publication date
2019
Conference
Trust, Privacy and Security in Digital Business: 16th International Conference, TrustBus 2019, Linz, Austria, August 26–29, 2019, Proceedings 16
Pages
94-109
Publisher
Springer International Publishing
Description
The General Data Protection Regulation, which has been in effect for about a year now, provisions numerous adjustments and controls that need to be implemented by an organisation in order to be able to demonstrate that all the appropriate technical and organisational measures have been taken to ensure the protection of personal data. Many of the requirements of the GDPR are also included in the “ISO27k” family of standards. Consequently, organisations that have applied ISO27k to develop an Information Security Management System (ISMS) are likely to have already accommodated many of the GDPR requirements. This work identifies synergies between the new Regulation and the well-established ISO/IEC 27001:2013 and proposes practices for their exploitation. The proposed alignment framework can be a solid basis for compliance, either for organisations that are already certified with ISO …
Total citations
[Bar chart: citations per year, 2020–2024]
Scholar articles
V Diamantopoulou, A Tsohou, M Karyda - Trust, Privacy and Security in Digital Business: 16th …, 2019