
8. Training Course Materials GDPO#1_Complete Edition (1)

Published by ebookvo65, 2023-02-23 23:10:49


The original version is available at https://www.audit-academy.be/images/downloads/IS-ISO27701-2019V1.pdf




Data Owner and Data Controller
https://cissprep.net/data-ownership/

Data Owner and Data Controller
Data Privacy: Difference Between Data Owner/Controller and Data Custodian/Processor
https://cloudgal42.com/data-privacy-difference-between-data-owner-controller-and-data-custodian-processor/

A summation of all the roles related to ensuring data privacy are:

Data subject: One who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity (e.g., telephone number, IP address).

Data steward: Responsible for data content, context, and associated business rules.

Data custodian: Responsible for the safe custody, transport, and storage of the data and implementation of business rules.

Data owner: Holds legal rights and complete control over data elements.

Personal data: Any information relating to an identified or identifiable natural person, such as sensitive/health data, biometric data, and telephone traffic data.

Data controller: The natural or legal person, public authority, agency, or any other body that alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of processing are determined by national or community laws or regulations, the controller or the specific criteria for the nomination of the controller may be designated by national or community law.

Data processor: A natural or legal person, public authority, agency, or any other body that processes personal data on behalf of the controller.

There are situations where an entity can be a data controller, or a data processor, or both.


What is Data Ownership?
https://www.talend.com/resources/gdpr-compliance-assigning-data-owners/

THANK YOU.


Udomtipok Phaikaset, Ph.D.
Strategy, Digital Business Model, Business Model, Marketing Strategy, Digital Marketing, Social Commerce, E-commerce, EBusiness


Module 4:
- Data Protection Impact Assessment
- Risk Management
- Incident Management
Workshop 2


Learning Outcome

1. DATA PROTECTION IMPACT ASSESSMENT: DPIA

DPIA LIFE CYCLE

ASSESS NEED FOR DPIA

PLAN DPIA
- Project description
- Scope of DPIA
- Define risk assessment framework or methodology
- Parties involved
- DPIA timeline

IDENTIFY PERSONAL DATA AND PERSONAL DATA FLOWS

IDENTIFY AND ASSESS DATA PROTECTION RISKS
- Risk Assessment Framework
- likelihood
- impact

CREATE AN ACTION PLAN

IMPLEMENT ACTION PLAN AND MONITOR OUTCOMES


Risk Management

ISO 31000:2018

1. organizational measures
2. technical measures
3. physical measures

Organizational Measures

Technical Measures
1. Access Control
2. Audit Control
3. Integrity Control
4. Transmission Security

Physical Measures

Risk Score (Likelihood x Impact)

Likelihood criterion: Certain, Likely, Possible, Unlikely, Rare

Impact criterion: Severe, Major, Moderate, Minor, Insignificant




Incident Management

1. Incident
2. Incident management

IT Incident, Service Requests, Problem Management

1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons Learned

THANK YOU.

