Undergraduate thesis, higher-education study programme in Information Security
Abstract
The GDPR, short for the General Data Protection Regulation, became applicable in May 2018 and caused considerable stir among controllers, processors and data subjects. Because the field was poorly understood and the provisions are abstract, some found it hard to place the regulation as a whole in a meaningful context, so its implementation raised many open questions. The ISO/IEC 27001 standard, by contrast, specifies the requirements for an information security management system and is laid out in considerable detail, with emphasis on organisation, assessment and review as well as on selecting appropriate controls to ensure the continual protection of information. This thesis reviews the points the two have in common, with the aim that organisations gain the most when assuring compliance, both in cost and in risk reduction. The GDPR and ISO/IEC 27001 cover different areas but share a great deal: both reduce the risk of misuse of personal data, encourage the establishment of formal procedures, prescribe breach notification, and so on. On one side, the standard addresses the reduction of information security risk by introducing into the organisation a management system whose goal is continual improvement and which rests on ensuring the confidentiality, integrity and availability of information. On the other, the GDPR focuses on reducing risks to the protection of personal data, giving effect to the rights of data subjects, securing data, managing and processing personal data in line with its principles, and it makes the responsible entities accountable for respecting privacy and the lawfulness of processing.
Both require a certain level of knowledge on the part of those responsible, management support and awareness among everyone concerned, which we also present in the research part. Based on answers from experts, we present opinions, experience and good practice in implementing the regulation together with the standard.
Keywords
undergraduate theses;GDPR;ISO/IEC 27001;privacy;security;measures;
Details
Language: Slovenian
Year of publication: 2019
Typology: 2.11 - Undergraduate thesis
Organisation: UM FVV - Fakulteta za varnostne vede (Faculty of Criminal Justice and Security)
Publisher: [I. Majerle]
UDC: 342.7(043.2)
COBISS: 3778538
Other details
Secondary language: English
Secondary title: Implementation of General Data Protection Regulation with ISO/IEC 27001
Secondary abstract:
In May 2018 the GDPR, which stands for General Data Protection Regulation, became applicable and caused quite a stir among controllers, processors and data subjects. Due to poor understanding of the field and the abstract nature of its provisions, some found it hard to put the regulation as a whole into a reasonable context, which led to many open questions during implementation. ISO/IEC 27001 specifies the requirements for an information security management system and is devised in great detail, with an emphasis on organisation, assessment, review, etc., and it also stresses the importance of determining appropriate controls to ensure the continual protection of information. The thesis focuses on reviewing the points the two documents have in common, with the aim that organisations gain the most when assuring compliance, in terms of both cost and risk reduction. The GDPR and ISO/IEC 27001 cover different fields but also have a lot in common: for example, both reduce the risk of personal data misuse, encourage the development of formal procedures, prescribe breach notification, etc. On one hand, ISO/IEC 27001 deals with the reduction of information security risk by implementing in the organisation a management system that strives for continual improvement and is based on ensuring the confidentiality, integrity and availability of information. On the other hand, the GDPR focuses on reducing risks to the protection of personal data and on exercising data subjects' rights; it further emphasises data security and the principled management and processing of personal data, and it holds the responsible entities accountable for respecting privacy and the lawfulness of processing.
Both demand a certain amount of knowledge from those responsible, management support and awareness among everyone involved; this is also discussed in the empirical part. Based on answers provided by experts, we present opinions, experience and examples of good practice in implementing the GDPR together with ISO/IEC 27001.
Secondary keywords: GDPR;ISO/IEC 27001;privacy;security;measures;
Type of work (COBISS): Undergraduate thesis
Note on the material: University of Maribor, Faculty of Criminal Justice and Security, Ljubljana
Pages: IX, 57 pp.
ID: 11244001