
ISO/IEC 27001:2022: changes and comparison with the GDPR

In-depth analysis of the structure of ISO/IEC 27001:2022, its key frameworks, its impact on data protection and comparison with EU regulation 2016/679

This pill is also available in Italian.

The publication of ISO/IEC 27001:2022 - "Information security, cybersecurity and privacy protection - Information security management systems - Requirements" represents a significant advance in information security management. This international standard, released in October 2022, places particular emphasis on the protection of personal data, as reflected in its title and demonstrated by the many controls that bear on data protection, both directly and indirectly. This article explores the points of convergence and the differences between the standard and EU Regulation 2016/679 (GDPR).

The ISO/IEC 27001:2022 frameworks and comparison with the GDPR

The structure of ISO/IEC 27001:2022 consists of three main frameworks: requirements, controls and risk management. Together these determine the security context and the expectations placed on organizations, establishing specific controls for the confidentiality, integrity and availability of information. On risk analysis the standard is similar to the GDPR, which likewise requires a risk analysis, in keeping with the principle of accountability, that identifies vulnerabilities and potential threats.

Scope of application, normative references and responsibilities

ISO/IEC 27001:2022 covers all data, both personal and business, regardless of its physical location, unlike the GDPR, which covers only personal data and applies only in the European Union. Unlike the GDPR, the ISO standard also addresses the verbal processing of information. The standard further requires organizations to apply specific controls to comply with privacy and data protection laws and with contractual requirements. This involves defining specific responsibilities, establishing a "privacy officer", and creating and distributing policies and procedures for the protection of personal data.

Measures for personal data protection and conclusions

Many controls in ISO/IEC 27001:2022 are intended specifically for the protection of personal data, including "Protection of records", "Information deletion", "Data masking" and "Data leakage". The standard once again demonstrates its value by providing measures dedicated to the protection of personal data. In conclusion, as highlighted during Privacy Day 2023 at the CNR in Pisa, ISO/IEC 27001:2022 together with the ISO/IEC 27002:2022 guideline offers a solid and robust approach to the protection of personal data, also with reference to the various other ISO/IEC standards for privacy impact assessment and privacy management.


06/12/2023 08:01

Editorial AI
