Personal data protection consulting
Secure Vectors is one of the few vendors providing consulting for international privacy protection seals. At present, medical cloud providers are using the EuroPriSe privacy protection standard as the framework for their personal data protection. Adopting stricter international standards brings an organization in line with international privacy practice. The privacy protection standard services provided by our company include:
- EuroPriSe: European Privacy Seal
- Datenschutz-Gütesiegel (German data protection seal)
Our privacy protection standard consulting services assist organizations in establishing the technical protections and the management system needed to comply with international standards or laws, following the procedures those standards require.
International Security Standards: Privacy Protection Standards Consulting Service
In our consulting work, NIST SP 800-122 is used as the security standard reference, and ISO 22307 is applied for privacy impact assessment.
The main privacy standards our company provides guidance on are the following:
- BS 10012: Personal Information Management System
- JIS Q 15001: Personal Information Protection Management System
- ISO/IEC 29100: Privacy Framework
Personal data protection management
Privacy and the protection of personal data are recognized as fundamental human rights worldwide. Organizations protect personal data not merely to follow and meet the requirements of the Act; the general principle is respect for the fundamental rights and freedoms of the data subjects, in particular their right to the protection of their personal data, regardless of gender, age, status, nationality or residence.
In recent years, countries and regional organizations around the world have continually revised and refined their personal data protection and privacy regulations; in particular, the EU General Data Protection Regulation (GDPR) strictly regulates the conduct and obligations of business organizations.
With respect to protecting the rights and freedoms of data subjects when processing personal data, business organizations are required to take appropriate technical and organizational measures, and controllers should adopt rules and measures consistent with the principles of data protection by design and by default. These measures include, but are not limited to, minimising the processing of personal data, pseudonymising personal data wherever possible, transparency about the processing of personal data and the roles involved, enabling data subjects to monitor the processing of their data, and enabling controllers to create and improve security capabilities. When developing, designing, selecting and using applications, services and products that process personal data, data protection should be taken into account so that controllers and processors can fulfil their data protection obligations. In particular, the principle of data protection by design and by default should be taken into consideration in public tenders. Taking into account the state of the art, the cost of implementation, the nature, scope, context and purposes of the processing, and the likelihood and severity of the risks to the rights and freedoms of data subjects, controllers and processors should take appropriate technical and organizational measures, including but not limited to the following:
- the ability to restore the availability of and access to personal data in a timely manner after an incident;
- regularly testing, assessing and evaluating the effectiveness of security measures.
However, the protection of personal data is not absolute. Its function and role in society must be considered, and it must be balanced against other fundamental rights in accordance with the principle of proportionality, in particular respect for private and family life, home and communications, freedom of thought, conscience and religion, freedom of expression and information, freedom of occupation, the right to an effective remedy and to a fair trial, and cultural, religious and linguistic diversity.
In the course of a business organization's operations and management, personal data will be collected, processed, used and transmitted, regardless of the amount handled. Introducing and building an appropriate management system that protects the rights and interests of data subjects and complies with laws and regulations has therefore become a core competency of modern business management.
Personal data protection management not only ensures the rights and interests of data subjects and meets statutory requirements; more importantly, it requires the organization to fully understand the flow and life cycle of the personal data exposed during its operations and the risks that personal data faces in those processes. Only through a comprehensive inventory of processing activities and data flows across the life cycle, combined with risk analysis, can the correct management and control measures be identified and introduced, and appropriate personnel assigned to appropriate functions.
The SVITI Professional Services team includes senior consultants, lawyers and technical experts who are familiar with the Personal Data Protection Act and international standards, and assists companies with the following work items:
1. Status gap analysis
The team assists the business organization in analyzing the operating procedures involving personal data in each unit, compares the existing system with the content of the international standards, revises existing regulations, and achieves the goal of personal data management.
Senior consultants, lawyers and technical experts analyze the current status: they examine the organization's existing management processes, technical measures and legal compliance, identify the gaps against the relevant laws, regulations and international standards, and produce a gap analysis report.
2. Personal Data Inventory and Risk Assessment
2-1 Personal data inventory: the project team conducts the inventory and generates the personal data inventory list.
2-2 Conduct personnel training.
3. Consultants' and lawyers' review
Technical experts and lawyers review the inventory results delivered by each unit, advise on how to merge and simplify the inventory results, and flag non-standard naming, unclear entries and incorrect counts for correction.
4. Risk assessment
4-1 Integrated risk assessment and per-unit inventory
Taking the organization's characteristics into account, design appropriate inventory and risk assessment fields so that every unit can perform them lawfully and, at the same time, complete the risk assessment work required by international standards and the preparation of documents concerning data subjects' rights.
4-2 Risk assessment methodology
Help the organization design an easy-to-understand risk assessment methodology that complies with the management system requirements, and provide education and training on risk assessment so that each unit can maintain and operate its own risk assessment results in the future.
5. Establish the personal data protection management system
5-1 Policy architecture: the most complete international standard is used as the main framework of the management system, ensuring that all of the enterprise's management systems are managed and controlled under complete policies and principles.
5-2 Regulatory grounding: the personal data protection regulations are followed through an objectives-based management system, so that all standards and system construction take compliance with the Act's control requirements as the ultimate goal.
5-3 Workflows (second-level documents and below) refer to the management system requirements of the Japanese national standard JIS Q 15001. Because the "JIS Q 15001 Personal Information Management System" follows the meticulous and detailed nature of Japanese-style management systems, it serves as the best reference for the second-level documents.
5-4 This project refers to parts of the US NIST SP 800-122 for managing and controlling personal data (personally identifiable information), especially its personal data inventory forms and related operations. The US approach focuses on detailed execution and control, and its forms are implemented in most government agencies, so adopting them gives access to that implementation experience in management and control.
5-5 ISO 29100 is used for life cycle control of the information units involved in personal information processing. This project references the standard's management framework when configuring the management system and establishing management and technical control mechanisms, bringing information management practice closer to international standards.
6. Regulatory inventory
The consulting team assists companies in compiling an inventory of the relevant laws and regulations. With the assistance of professional legal experts, the risk of omissions in the inventory prepared by the consultants or by each unit's dedicated personnel can be avoided.
Personal Data Protection Compliance Inspection
Personal data protection is a legal issue, and how to comply with the law is a focus that every organization and company must attend to. Our compliance checking methodology is based on the mature compliance validation framework used in Germany and the European Union, with Taiwan's Personal Data Protection Act, its enforcement rules and other relevant ordinances as the basis for the inspection framework. Checking the legal, managerial and technical items of personal data protection, and assisting the organization in detecting and remediating deficiencies, is the best way for companies to ensure compliance with personal data protection laws.
The EU General Data Protection Regulation (hereinafter "GDPR") is enforced on 25 May 2017. Besides implementing personal data protection measures, how to verify that those measures meet the regulation's requirements, in order to avoid the risk of non-compliance, is currently the biggest personal data law headache facing businesses. SVITI combines practical experience in Taiwan with lawyers specializing in personal data law to jointly carry out personal data protection verification. This verification service introduces the methodology of the German personal data protection verification system, examining personal data handling from the management, technical and legal aspects to ensure that the organization meets the requirements of the Personal Data Protection Act.
In accordance with the German inspection methods for products and services, the verification service checks the following items for the protection of personal data:
- Legal Requirements
- Permissibility of Processing
- Customer Friendliness
- Employee Friendliness
- User Friendliness
- Transparency
- Data Protection Quality Management
- Data Security
Our compliance checking follows the EU and German compliance checking methodology and requirements:
A certified technical expert (a professional with information security, personal data protection and auditing expertise) and a certified legal expert (requires lawyer qualification and completion of compliance checking process training) perform the following:
Inspection preparation stage
Because the personal data protection validation process checks the collection, processing and use of personal data against the regulations, the inspected organization must, before the preliminary inspection, conduct personal data inventory training (a workshop for the services or products subject to inspection), and produce an inventory result based on that training.
Preliminary inspection (Preliminary Checking)
The legal, management and technical requirements are inspected against the organization's inventory results. Approved technical experts conduct the inspection on site at the inspected organization, collecting the technical and management evidence required and determining whether the technical and management items conform to the checklist requirements. Legal items are checked by legal experts through on-site inspection, or through the evidence collected by the technical experts, to determine whether the organization's operations and control measures comply with the requirements of personal data protection law. The preliminary inspection also requires professional technical engineers to perform technical vulnerability scans of the organization's systems that process personal data, to confirm that the organization's security controls achieve the checklist requirements.
Certification inspection (Certification Checking)
After the organization has remediated the deficiencies found in the preliminary inspection and submitted appropriate evidence of correction, a certification inspection is conducted. It mainly reviews the non-conforming items raised in the preliminary inspection (including legal, management and technical items) to confirm that they have been improved to meet the requirements of the inspection form.