Abstract

A Study on the Information Security Management Index through Analysis of EU-GDPR(European Union-General Data Protection Regulation)

Highlights

  • In recent years, the European Union (EU) has been promoting the use of personal information by businesses that process it while at the same time protecting the information subject, reflecting changes in the personal information processing environment brought about by universal use of the Internet, so that both are protected in a balanced way.

  • In order to establish a practical and concrete response system based on the detailed compliance requirements of the General Data Protection Regulation (GDPR), companies doing business in the EU should analyze the status of their personal-information-related operations, review whether they meet GDPR regulatory requirements, and check and change existing risk response strategies by establishing plans and presenting detailed measures for improvement requirements.

  • The Personal Information Protection Act stipulates that the Minister of Administrative and/or Business Administration can certify that a series of measures related to the processing and protection of personal information of the personal information processor conform to the Act through the revision of the law in 2015 (Article 1, Article 32 1). In particular, the Ministry of Public Administration and Security and the Telecommunications and Communications Commission will start the Personal Information Protection Level (PIPL) pursuant to Article 32-2 of the Personal Information Protection Act from January 2016 under the Act on Information Network Promotion and Information Security (PIMS), which is stipulated in Article 47-3 of the Personal Information Protection Management System (PIMS).


Summary

Introduction

The EU has been promoting the use of personal information by businesses that process it while at the same time protecting the information subject, reflecting changes in the personal information processing environment brought about by universal use of the Internet, so that both are protected in a balanced way.

  • Failure to take appropriate action in violation of the approved GDPR Code of Conduct

  • Implementation of certification, seal, marking mechanism and failure to comply with requirements

  • Violation of compliance obligation related to overseas transmission of personal information

  • Transferring personal information to countries where the Executive Committee has not determined to provide the appropriate level

  • Failure to obtain a penalty mechanism when transmitting personal information outside the European Union

  • If the BCRs have not been approved by the competent oversight body and the BCRs do not guarantee the rights of the entity in relation to the processing of personal information within the corporate group

  • In the absence of international conventions such as mutual legal assistance treaties, the transfer of personal information to a third country in the absence of a court or tribunal

Information security management index
13. IT Disaster Recovery
Physical Protection Measures
Findings
Conclusion
