ISO 27552 as a Model for Establishment Personal Information Management Systems

Abstract

Technological changes and globalisation have dramatically changed the way personal data are processed. It takes time to understand the legal bases for data processing, auditing and confidentiality rules, and it cannot be easily verified that people's personal data are processed legally. Using a model for compliance with GDPR requirements turns data controllers from mere consumers of consultancy services into managers of the privacy protection system. ISO 27552 is the upgrade which gives the information security system a completely new status, transforming it into a privacy protection system.