leroux
Community Champion

Getting Started on the Basics: The EU General Data Protection Regulation (GDPR)

 

This document was prepared by members of the (ISC)2 EMEA Advisory Council GDPR Task Force. Lead Contributors: Yves Le Roux, CISSP, CISM; Paul Lanois, CCSK, CIPM, CIPT, CIPP (A, E, US and C), FIP, CISMP and LLM.
Reviewed by Dr. Adrian Davis, MBA, FBCS CITP, CISSP; Sam Berger, CISSP; Michael Christensen, CISSP, CSSLP, CISM, CRISC, CIS LI, EU-GDPR-P; CCM, CCSK, CPSA, ISTQB, PRINCE2, ITIL, COBIT5; Ramon Codina, CISSP; Santosh Krishna Putchala, CISSP

37 Replies
jasonlau88
Newcomer I

This is great.

 

May I ask if you know how I could get involved and be on the "(ISC)2 EMEA Advisory Council GDPR Task Force"?

 

I am based in Hong Kong and GDPR is one of the key focus areas of my current work (as well as China Cyber Security Law) and it is impacting many international organizations around the world.  I have also presented this topic and cyber security at ISACA's Chapter, and hosted several GDPR events with the company I work for.

 

Would love to hear from you, to see how I could contribute / assist from an "Asia Pacific" perspective. 

 

Jason Lau

CISSP, CGEIT, CRISC, CISM, CISA, CEH, CNDA, CSM, ITIL

https://www.linkedin.com/in/jasonwklau/

 

2012
Newcomer II

Great summary. Thank you. GDPR is specifically calling out the monitoring/tracking and profiling aspect. I am sure this will impact most organizations using Google Analytics and other tools to gather more stats on page views, time spent in each page, etc. The cookies used in this case may not "identify" data subjects by their IDs but do identify the data subjects by their organization, geo location, etc. Any idea on whether a specific consent has to be obtained for this monitoring? For example, as a Data Processor, the data subject may consent to the use of cookies at the processor's site. But then how about the use of the third party cookies? Any idea whether a special consent has to be obtained for each such third party or the Data Processor can combine them into their own cookie policy by identifying the third parties explicitly or implicitly? Thanks in advance.

TimG
Newcomer III

This is a really good, punchy paper that lays out the implications of the GDPR very nicely. It's also helpful that it comes with the (ISC)2 imprimatur rather than that of an organisation that has a related product or service to sell. Thank you - I shall be putting it to use.

Robert
Newcomer II

Has anyone experience of applying privacy threat models? I have seen LINDDUN referenced but haven't seen an application of it.
https://linddun.org/

SteveE
Viewer

Consent is required for the likes of Google Analytics but this is under the e-Privacy directive. With cookies I think this directive takes precedence over the Electronic Communications Directive. The e-Privacy directive will be a regulation roughly at the same time as the GDPR if the EU has its way...

I also echo jasonlau88's request to see if I could be added to the "(ISC)2 EMEA Advisory Council GDPR Task Force" or participate in discussions.  I work for a global cloud-based company that is working to comply with the GDPR as well and would love to work with the group to determine how to approach this regulation.

fortean
Contributor III

As a service to the Dutch and Flemish communities I prepared a Dutch translation, which I gladly will post wherever the authors feel it is appropriate. Authors, please contact me for further details so we can make arrangements.

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+

leroux
Community Champion

If you quoted the origin, the GDPR Task Force has decided to authorize any use of this paper for (ISC)² chapters. Consequently, any translation will be appreciated...

leroux
Community Champion

It may be interesting to have an open discussion upon GDPR Implementations in this community....