תקן אבטחת מידע
ISO 27001
GDPR European privacy protection regulations
GDPR (European Privacy Protection Regulations), is the privacy protection regulation of the European countries. The European regulations entered into force on May 25, 2018, when the goal of these, similar to Israel, is to protect the personal information of all citizens of the European Union by imposing certain obligations and various instructions on companies and organizations that collect personal information about citizens belonging to the European Union, and store it in databases and process it. The GDPR returns the control of the personal information exposed on the digital network to every European citizen.
Who is bound by the regulations?
The regulation applies to any holder of information control whose business is within the borders of the European Union as well as to data processors.
The information processor is the entity that actually performs this - collecting personal information, processing and storing it for the controller.
There are businesses that are not within the scope of the Union, but will nevertheless be subject to regulation if the organization holds information about the residents of the Union (for the purpose of selling products/services) and/or if the organization uses a website/application for the purpose of monitoring the behavior of the European consumer.
In such a case, businesses that are subject to regulation, but are not within the scope of the Union, are required to appoint a DPO on their behalf in one of the countries of the Union for the purpose of representation and power of attorney before the regulators.
The controlling owner is the one who requests to collect and process information, usually for the purpose of his business activity.
The process of complying with European privacy protection regulations
1. Mapping the organization's databases.
2. Preparing a gap survey according to what exists in the organization versus what is required by the regulations.
3. Building a work plan according to the gap survey.
4. Monitoring and assistance in correcting the gaps.
6. Appointment data protection officer - DPO
7. Preparation of procedures and policy documents.