The original version is available at https://www.audit-academy.be/images/downloads/IS-ISO27701-2019V1.pdf
Data Owner and Data Controller
https://cissprep.net/data-ownership/

Data Owner and Data Controller
https://cloudgal42.com/data-privacy-difference-between-data-owner-controller-and-data-custodian-processor/

In summary, the roles related to ensuring data privacy are:

Data subject: One who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity (e.g., telephone number, IP address).

Data steward: Responsible for data content, context, and associated business rules.

Data custodian: Responsible for the safe custody, transport, and storage of the data and implementation of business rules.

Data owner: Holds legal rights and complete control over data elements.

Personal data: Any information relating to an identified or identifiable natural person, such as sensitive/health data, biometric data, and telephone traffic data.

Data controller: The natural or legal person, public authority, agency, or any other body that alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of processing are determined by national or community laws or regulations, the controller or the specific criteria for the nomination of the controller may be designated by national or community law.

Data processor: A natural or legal person, public authority, agency, or any other body that processes personal data on behalf of the controller.

There are situations where an entity can be a data controller, or a data processor, or both.

Data Privacy: Difference Between Data Owner/Controller and Data Custodian/Processor
What is Data Ownership?
https://www.talend.com/resources/gdpr-compliance-assigning-data-owners/

THANK YOU.
1 2 PDPA Thailand DDTI) IT (TPDPA) DPOA) 2558-2560 2556-2560 2554-2556 2553-2556 2547-2553 Strategy , Digital Business Model, Business Model , Marketing Strategy , Digital Marketing , Social Commerce , E-commerce , EBusiness PDPA . Udomtipok Phaikaset, Ph.D. PDPA PDPA PDPA PDPA Train The Trainer) PDPA PDPA SME PDPA
3 Module 4: - Data Protection Impact Assessment) - Risk Management) - Incident Management) Workshop 2 4
5 Learning Outcome) 1. 2. 3. 4. 6 1. DATA PROTECTION IMPACT ASSESSMENT: DPIA
7 DPIA (flows) PDPA 8 DPIA (A) (B)
9 1. 2. 3. 4. 5. 6. DPIA 10 7. 8. 9. 10. DPIA
11 1. 2. 3. 4. 5. DPIA 12 DPIA DPIA DPIA LIFE CYCLE
13 DPIA DPIA 1. DPIA DPO DPIA DPIA 2. DPIA DPIA (ASSESS NEED FOR DPIA) 14 DPIA (PLAN DPIA) (Project description) DPIA DPIA DPIA (Scope of DPIA) DPIA (Define risk assessment framework or methodology) (Parties involved) DPIA (DPIA timeline) DPIA
15 (IDENTIFY PERSONAL DATA AND PERSONAL DATA FLOWS) DPIA 16 (IDENTIFY AND ASSESS DATA PROTECTION RISKS) DPIA DPIA (PDPA) (PDPA) (
17 (Risk Assessment Framework) (likelihood) (impact) (IDENTIFY AND ASSESS DATA PROTECTION RISKS) 18 (CREATE AN ACTION PLAN) DPIA 1) 2) 3) DPIA
19 DPIA 1. 2. 3. 4. 5. (CREATE AN ACTION PLAN) 20 (IMPLEMENT ACTION PLAN AND MONITOR OUTCOMES) DPIA DPIA DPO DPO DPIA
21 DPIA (IMPLEMENT ACTION PLAN AND MONITOR OUTCOMES) 22 Risk Management)
23 Risk Management) 1. 2. 3. 24
25 PDPA 1. 2. 3. 4. 26 1. 2. 3. 4. 5.
ISO 31000:2018

1. Organizational measures
2. Technical measures
3. Physical measures

Organizational Measures

Technical Measures
1. Access Control
2. Audit Control
3. Integrity Control
4. Transmission Security
31 Physical Measures ) 32 Likelihood) Impact) Risk Score ( x
33 likelihood) impact) 34 Likelihood criterion) Certain (Likely) (Possible) Unlikely = Rare
35 Severe Major Moderate Minor Insignificant Impact criterion) 36 DPO
37 38
39 Incident Management) 40 Incident Management) 1. Incident 2. Incident management
41 42 1. 2. 3. 4. 5. Incident
IT Incident, Service Requests, Problem Management

Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
45 46 THANK YOU.