tom – Privacy Design® / [protecting people by good design, solid security, efficient processes and trusted services]

France: TOM by ANSSI
Thu, 11 Jul 2019 22:17:54 +0000

Technical and organisational measures

https://www.ssi.gouv.fr/administration/reglementation/rgpd-renforcer-la-securite-des-donnees-a-caractere-personnel/

CNIL Privacy Impact Assessment Knowledge Bases
Thu, 30 May 2019 20:13:05 +0000

https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-en-knowledgebases.pdf

I keep going back to this resource, as it has a good set of examples for privacy risks.

But it also has a long catalog of technical and organizational measures (TOM).

Austria: Patient cannot consent to inadequate TOMs
Sun, 26 May 2019 20:32:47 +0000

Data subjects cannot consent to inadequate technical and organizational measures; in this specific case, to unencrypted emails.

https://www.dataprotect.at/2019/04/16/datensicherheitsma%C3%9Fnahmen-sind-nicht-disponibel/

CNIL – Toolkit for software developers
Sun, 26 May 2019 19:47:09 +0000

https://www.cnil.fr/fr/kit-developpeur

Covers various technical and organizational measures (TOM) in the context of software development (SDLC).

State of the art – Guidelines by ENISA and TeleTrusT
Sun, 26 May 2019 19:00:00 +0000

ENISA and TeleTrusT – IT Security Association Germany have published their guidelines in English.

“The document published on the “state of the art” in IT security provides concrete advice and recommendations for action. These guidelines are intended to provide companies, providers (manufacturers, service providers) alike with assistance in determining the “state of the art” within the meaning of the IT security legislation. The document can serve as a reference for contractual agreements, procurement procedures or the classification of security measures implemented. They are not a replacement for technical, organisational or legal advice or assessment in individual cases.”

https://www.enisa.europa.eu/news/enisa-news/what-is-state-of-the-art-in-it-security

CNIL updates to PIA guides (Feb 2018)
Mon, 30 Apr 2018 21:31:41 +0000

https://www.cnil.fr/en/cnil-publishes-update-its-pia-guides

Knowledge base, incl. recommendations on many organisational and technical controls, risk sources, etc.
https://www.cnil.fr/sites/default/files/atoms/files/cnil-pia-3-en-knowledgebases.pdf

[Presentation] Andreas Sachs (BayLDA): „Vorgaben zur IT-Sicherheit in der DS-GVO“ [Requirements for IT security in the GDPR]
Sun, 25 Feb 2018 08:03:21 +0000

2017

https://fg-secmgt.gi.de/fileadmin/gliederungen/fb-sec/Workshops_neu/WS_2017-03-10_EU-DSGVO/3_Sachs_gi_informatik_dsgvo_sec.pdf
