The (ISC)² GDPR has developed some educational material targeted to CISSP which can be used freely by (ISC)² Chapters
“Scoping the Compliance Task for GDPR: 12 Areas of Activity”, which offers a guide for scoping the task ahead of the GDPR Implementation and communicating requirements for all stakeholders.
We have started to work on the relationship between GDPR and CCPA for an implementer.
The Future of Privacy Forum, and many others like Baker Law, have published guides that compare GDPR and California Consumer Protection Act (CCPA) (SB-1121) in terms of scope, definitions, legal basis, rights, and enforcement.
I tend to focus on the provisions and privacy-preserving technical controls surrounding data subject/consumer "rights". For example, take the requirement for "pseudonymization" (i.e., ensuring that PII cannot be attributable to a data subject/consumer). The big difference between the laws is that under GDPR an organization must have the technical ability to re-identify a data subject to comply with other data subject rights provisions. Under CCPA though, there must not be an ability to re-identify PII after the data has been pseudonymized. All of this comparison stuff is nice, but technical implementations are what matter, so I would be curious to see what (ISC)² publishes as implementation guidance.
https://fpf.org/wp-content/uploads/2018/11/GDPR_CCPA_Comparison-Guide.pdf
https://www.bakerlaw.com/webfiles/Privacy/2018/Articles/CCPA-GDPR-Chart.pdf
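
The two pseudonymization modes contrasted in the post above (a re-identification path kept versus none kept), sketched as an added example that is not part of the original posts or any (ISC)² guidance. The function names, the `email` field and the sample records are constructed for illustration; the choice of HMAC-SHA256 with a per-run random key is an assumption, not something either law or the post prescribes.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; the addresses use the reserved example.com domain.
SAMPLE = [
    {"email": "Alice@Example.com", "plan": "pro"},
    {"email": "bob@example.com", "plan": "free"},
    {"email": "alice@example.com ", "plan": "pro"},
]


def pseudonymize(records, field, keep_lookup):
    """Replace records[*][field] with a keyed token.

    keep_lookup=True  -> also return a token->identifier table, to be stored
                         apart from the data set under separate access control
                         (the re-identification path).
    keep_lookup=False -> return no table; the random key is dropped when this
                         function returns, so tokens cannot be recomputed from
                         candidate identifiers afterwards.
    """
    key = secrets.token_bytes(32)  # per-run secret, never written to the output
    lookup = {}
    out = []
    for rec in records:
        ident = rec[field].strip().lower()  # normalise so one person gets one token
        tok = hmac.new(key, ident.encode("utf-8"), hashlib.sha256).hexdigest()
        out.append({**rec, field: tok})
        if keep_lookup:
            lookup[tok] = ident
    return out, (lookup if keep_lookup else None)


def reidentify(lookup, token):
    """Resolve a token for a data subject request; fails if no table was kept."""
    if lookup is None:
        raise LookupError("no re-identification table exists for this data set")
    return lookup[token]


if __name__ == "__main__":
    reversible, table = pseudonymize(SAMPLE, "email", keep_lookup=True)
    print(reidentify(table, reversible[0]["email"]))
    one_way, none_table = pseudonymize(SAMPLE, "email", keep_lookup=False)
    print(one_way[0]["email"], none_table)
```

An unkeyed hash would not give the second mode, because low-entropy identifiers such as e-mail addresses can be recovered by hashing candidate values; the discarded key is what removes that path.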