Personal data and privacy protection is currently a serious topic, especially in developed countries. Individual countries and states have their own personal data protection laws, but there are also international regulations such as the GDPR, and industry regulations such as HIPAA, that set the rules for how businesses and organizations may handle personal data.
Within an organization, personal data is most often processed in the HR department (personal data of candidates, employees and contractors), in Sales and Marketing (personal data of customers), in health care and in IT.
Personal data protection in HR
Almost every company and organization in the world has employees and comes into contact with job seekers, so it holds personal data about them from the first application onward.
Personal information of customers may be misused, for example for spam or other unsolicited marketing.
Healthcare and medical records are particularly sensitive personal data, and therefore several standards in this area regulate the processes for handling patient data. The best known and most widespread in the United States is HIPAA (the Health Insurance Portability and Accountability Act). Note that HIPAA is a law, not a certification scheme: there is no official "HIPAA certification", and a vendor claiming one is usually referring to a third-party assessment of HIPAA compliance.
Consequences of personal data protection in IT for software providers, cloud-based solution providers, or data center providers.
Today, almost all data is stored in digital form: in electronic systems, databases, cloud storage and similar. Therefore application and software vendors, and likewise the operators of the infrastructure where the data is stored (i.e. providers of the various cloud repositories or datacenter providers), must comply with strict rules, usually codified as standards. These standards help ensure that (not only) personal data stays safe where it is, and reputable players on the market are certified against them. The most commonly used standards and IT certifications are:
- ISO/IEC 27000 - overview and vocabulary for the ISO 27000 family of information security standards
- ISO/IEC 27001 - requirements for an Information Security Management System (ISMS); the standard organizations are actually certified against
- ISO/IEC 27017 - code of practice for information security controls for cloud services
- ISO/IEC 27018 - code of practice for protection of personally identifiable information (PII) in public clouds
- ISO/IEC 24764 - generic cabling systems for data centres (a data-centre infrastructure standard rather than an information security standard)
- PCI DSS - protection of payment card data; required by the card brands for anyone storing, processing or transmitting cardholder data