BS EN 17799:2023

$142.49

Personal data protection requirements for processing operations

Published by: BSI
Publication date: 2023
Number of pages: 28

This document specifies baseline requirements for demonstrating processing activities compliance with the European personal data protection normative framework in accordance with EN ISO/IEC 17065. It does not however apply to products or management systems destined for processing personal data. This document is applicable to all organizations which, as personal data controllers and/or processors, process personal data, and its objective is to provide a set of requirements enabling such organizations to conform effectively with the European personal data protection normative framework. An organization can decide that the standard is applicable only to a specific subset of its processing activities if such a decision does not involve failure to conform with the European personal data protection normative framework. This document also provides indications for conformity assessment with the aforementioned requirements.

PDF Catalog

1 Scope
2 Normative references
3 Terms and definitions
4 Overview
5 Planning
5.1 General
5.2 Understanding the needs and expectations of interested parties
5.3 Scope of personal data processing activities
5.3.1 General
5.3.2 Records of data processing activities
5.3.3 Identification of the legal basis
5.3.4 Data minimization
5.3.5 Retention periods
5.4 Policy for personal data protection
5.5 Roles and responsibilities
5.5.1 General
5.5.2 Internal roles
5.5.2.1 Data protection manager
5.5.2.2 Data protection officer
5.5.2.3 Persons authorized to process personal data
5.5.3 External roles
5.5.3.1 Processors
5.6 Risk management
5.6.1 General
5.6.2 Data protection risk assessment and impact analysis
5.6.3 Evaluation of the impact on data protection
5.6.4 Risk treatment and treatment plan
5.7 Personal data protection by design and by default
6 Operational activities
6.1 General
6.2 Data protection notices and consent
6.2.1 Data protection notices
6.2.2 Consent
6.3 Update of roles
6.4 Personal data protection
6.4.1 Erasure of data
6.4.2 Implementation and maintenance of security measures
6.4.3 Management of personal data breaches
6.5 Data subjects’ requests for the application of their rights
6.5.1 General
6.5.2 Data access
6.5.3 Correction
6.5.4 Erasure
6.5.5 Restriction of processing
6.5.6 Data portability
6.5.7 Objections
6.5.8 Automated decisions, including profiling
6.5.9 Complaints and appeals
6.6 Training and awareness
7 Control
7.1 General
7.2 Internal audits
7.3 Periodical report
7.4 Nonconformities and corrective actions
Annex A (informative) Controllers and processors requirements mapping