https://community.isc2.org/t5/Chapters/General-Data-Protection-Regulation-GDPR-Material/m-p/20133#M362 <P>The Future of Privacy Forum, and many others like Baker Law, have published guides that compare GDPR and California Consumer Protection Act (CCPA) (SB-1121) in terms of scope, definitions, legal basis, rights, and enforcement.</P><P>&nbsp;</P><P>I tend to focus on the provisions and privacy-preserving technical controls surrounding data subject/consumer "rights". For example take the requirement for "pseudonymization" (i.e., ensuring that PII cannot be attributable to a data subject/consumer). The big difference between the laws are that under GDPR an organization must have the technical ability to re-identify a data subject to comply with other data subject rights provisions. Under CCPA though, there must not be an ability to re-identify PII after the data has been pseudonymized. All of this comparison stuff is nice, but technical implementations are what matter, so I would be curious to see what (ISC)2 publishes as implementation guidance.</P><P>&nbsp;</P><P><A href="https://fpf.org/wp-content/uploads/2018/11/GDPR_CCPA_Comparison-Guide.pdf" target="_blank">https://fpf.org/wp-content/uploads/2018/11/GDPR_CCPA_Comparison-Guide.pdf</A></P><P><A href="https://www.bakerlaw.com/webfiles/Privacy/2018/Articles/CCPA-GDPR-Chart.pdf" target="_blank">https://www.bakerlaw.com/webfiles/Privacy/2018/Articles/CCPA-GDPR-Chart.pdf</A></P> Thu, 14 Mar 2019 17:52:58 GMT AppDefects 2019-03-14T17:52:58Z https://community.isc2.org/t5/Chapters/General-Data-Protection-Regulation-GDPR-Material/m-p/20121#M361 <P>The (ISC)² GDPR has developed some educational material targeted to CISSP which can be used freely by (ISC)² Chapters</P><UL><LI>an&nbsp;<A href="http://blog.isc2.org/files/getting-started-on-the-basics-the-eu-general-data-protection-regulation-gdpr.pdf" target="_blank">overview of the basics</A>&nbsp;that can be used as a tool to help everyone understand and communicate the scope of what is required.</LI><LI><P><A href="http://blog.isc2.org/files/scoping-the-compliance-task-for-gdpr---areas-of-activity.pdf" target="_blank">“Scoping the Compliance Task for GDPR : 12 Areas of Activity”</A> which offer a guide for scoping the task ahead of the GDPR Implementation and communicating requirements for all stakeholders</P></LI><LI>We have different slide sets&nbsp; upon the GDPR implementation according to the targeted audience We have currently done more than 12 sessions.&nbsp; (slides available upon request)&nbsp;</LI></UL><P>We have started to work upon the relationship between GDPR and CCPA for an implementer</P> Mon, 09 Oct 2023 09:09:00 GMT https://community.isc2.org/t5/Chapters/General-Data-Protection-Regulation-GDPR-Material/m-p/20121#M361 leroux 2023-10-09T09:09:00Z https://community.isc2.org/t5/Chapters/General-Data-Protection-Regulation-GDPR-Material/m-p/20133#M362 <P>The Future of Privacy Forum, and many others like Baker Law, have published guides that compare GDPR and California Consumer Protection Act (CCPA) (SB-1121) in terms of scope, definitions, legal basis, rights, and enforcement.</P><P>&nbsp;</P><P>I tend to focus on the provisions and privacy-preserving technical controls surrounding data subject/consumer "rights". For example take the requirement for "pseudonymization" (i.e., ensuring that PII cannot be attributable to a data subject/consumer). The big difference between the laws are that under GDPR an organization must have the technical ability to re-identify a data subject to comply with other data subject rights provisions. Under CCPA though, there must not be an ability to re-identify PII after the data has been pseudonymized. All of this comparison stuff is nice, but technical implementations are what matter, so I would be curious to see what (ISC)2 publishes as implementation guidance.</P><P>&nbsp;</P><P><A href="https://fpf.org/wp-content/uploads/2018/11/GDPR_CCPA_Comparison-Guide.pdf" target="_blank">https://fpf.org/wp-content/uploads/2018/11/GDPR_CCPA_Comparison-Guide.pdf</A></P><P><A href="https://www.bakerlaw.com/webfiles/Privacy/2018/Articles/CCPA-GDPR-Chart.pdf" target="_blank">https://www.bakerlaw.com/webfiles/Privacy/2018/Articles/CCPA-GDPR-Chart.pdf</A></P> Thu, 14 Mar 2019 17:52:58 GMT https://community.isc2.org/t5/Chapters/General-Data-Protection-Regulation-GDPR-Material/m-p/20133#M362 AppDefects 2019-03-14T17:52:58Z