
GDPR/Privacy protection management

GDPR

Why is it important to align business with the GDPR Regulation?

The General Data Protection Regulation has been in effect since May 25, 2018, and as a regulatory framework of the European Union, it has greatly changed the way personal data is collected and processed. The most important part of the regulation is the process of data collection and processing, which should be recorded in such a way that it is known who collects and processes data, for what purpose and on what basis.
The General Data Protection Regulation sets out detailed requirements for organizations regarding the collection, storage and management of personal data. The regulation applies to European organizations that process personal data of individuals in the European Union and organizations outside the European Union that are directed at people living in the EU.
Personal data is any data relating to an individual who is identified or identifiable, called the data subject. Personal data includes information such as name and surname, address, ID or passport number, IP address, etc. There are special categories of data whose processing is prohibited by default, such as racial or ethnic origin, sexual orientation, political views, biometric or health data, etc.
The two key roles in the processing of personal data are the controller and the processor. The data controller decides on the purpose and method of data processing, and the processor stores and processes the data on behalf of the data controller.
The General Data Protection Regulation lays down strict rules for data processing based on consent. The aim of these rules is to ensure that individuals understand what they are agreeing to. This means that consent should be voluntary, specific, informed and unambiguous, and given in response to a request written in clear and simple language. Consent should be given by an affirmative act, such as ticking a box online or signing a form.

The role of the personal data protection officer

The Data Protection Officer (DPO), appointed by an organization where required, is responsible for supervising how personal data is processed and for informing and advising the employees who process personal data about their obligations. The DPO also cooperates with the data protection authority and is the contact point both for individuals and for that authority. A data protection officer should be appointed if the organization regularly or systematically monitors individuals or processes special categories of data, if data processing is a core business activity, and if a large amount of data is processed.

PRIVACY PROTECTION MANAGEMENT

What is personal data?

Personal data is any information that can be used to uniquely identify, contact or locate individuals or, in combination with other sources of information, ensure their unique identification. Examples are: first and last name, OIB (personal identification number), location data, credit card numbers, etc.

Why is it important to care about privacy?

Over the past years, we have witnessed a large number of incidents in which personal data was misused, affecting numerous individuals and organizations. Examples are incidents in which identities were stolen and then used for illegal purposes. The main reasons for protecting personal data can be summarized as follows:
• Protecting the privacy of the persons the personal data belongs to
• Compliance with legal and regulatory requirements
• Implementation of corporate responsibility
• Increasing credibility with users
• Reducing the number of security breaches.
In order to prevent such incidents, it is recommended that organizations implement information security systems aimed at protecting the privacy and personal data of individuals. For this purpose the ISO/IEC 29100 standard can be used: it provides a privacy framework and guidance for harmonizing ICT systems that contain personal data, with the aim of better protecting personal data and improving organizations' privacy programs through the best available practices.

"43% of organizations experience a data security breach during one business year, and the trend is increasing by 10% per year." – Ponemon Institute report

What is ISO 29100 and how can it help in privacy protection management?

ISO/IEC 29100 is intended for use by individuals and organizations involved in the design, development, procurement, testing and maintenance of ICT systems, who wish to protect all personal data contained in those systems. This privacy framework has been developed to help organizations define their privacy requirements by:
• specifying common privacy terminology,
• defining the actors and their roles in the processing of personal data,
• describing privacy protection options, and
• providing references to known IT privacy principles.
Although several existing standards address security (ISO 27001, ISO 27002, ISO 27018, etc.), ISO/IEC 29100 focuses specifically on the processing of personal data.
The continuous growth in the complexity of ICT systems makes it difficult to protect privacy and comply with the various applicable laws. The ISO/IEC 29100 standard therefore provides eleven essential privacy principles, developed to take into account applicable legal, regulatory, contractual, commercial and other relevant factors.
In addition, these principles can be used to guide the design, development and implementation of privacy policies and controls, and to conduct audits of an organization's privacy management program. As can be seen in the figure, providers and recipients of personal data are identified as the participants. Providers of personal data can be users of ICT systems, data owners or subscribers, while providers of application solutions or administrators are the recipients of personal data. Privacy preferences are set by the providers of personal data, and security measures are applied throughout the entire life cycle of the information: collection, storage, use, transfer and, finally, deletion.

Source: PECB Whitepaper ISO 29100

How can ZIH help you?

GDPR
For the needs of your organization, ZIH can carry out the following activities:
• Analysis of the current situation and identification of personal data records
• Education of employees
• Conducting a privacy impact assessment (DPIA) and protection of personal data
• Consulting in the implementation of organizational compliance measures
The first phase is an analysis of the current state of compliance with the requirements of the Regulation for the processing of personal data (collection, recording, organization, storage, modification, use, publication, deletion, etc.). The goal of the analysis is to identify all the improvements needed to comply with the Regulation. The Data Protection Impact Assessment (DPIA) is conducted to identify privacy problems that may arise in activities involving the processing of personal data.
The training of employees who work with personal data covers their obligations under the GDPR Regulation and the manner in which personal data is to be handled. ZIH can organize several different trainings, including the training and certification of personal data protection officers (DPOs).
Consulting in the implementation of organizational measures includes harmonizing existing internal acts and preparing new ones for the purpose of full compliance with the GDPR Regulation. This includes preparing internal acts that regulate all obligations arising from the Regulation regarding the protection of personal data, including the protection of its confidentiality, integrity and availability, and adequate management of incidents that may endanger personal data.

PROTECTION OF PRIVACY

Depending on the needs of users and the current state of the security measures already implemented, ZIH proposes a suitable work approach guided by international standards and frameworks. Accordingly, we organize workshops with management and, under the expert guidance of our consultants, help users implement privacy management systems that ensure the protection of the personal data they hold.
ZIH achieves this through the following consulting services:
• Preparation of privacy management system implementation projects according to the ISO 29100 standard and creation of a realization plan
• Analysis of the current state (GAP analysis) and identification of processes relevant to privacy
• Creation of the necessary documentation of the privacy management system according to the ISO 29100 standard
• Assistance in implementing measures to ensure the privacy of the individuals whose personal data the organization holds
• Conducting internal assessments / participation and consultation in internal assessment procedures
• Elimination of nonconformities detected in the privacy management system

Performing these tasks raises the level of security of the systems in which personal data is stored and raises the awareness of all employees so that this data, as well as the privacy of the persons to whom it belongs, is maximally protected.
Education in the mentioned areas:
• Application of the Personal Data Protection Regulation (GDPR)
• Education and certification of personal data protection officers
• Certified GDPR Foundation (PECB)
• Certified GDPR Data Protection Officer (PECB)
• Certified ISO 29100 Foundation (PECB)
• Certified ISO 27701 Foundation (PECB)
• Certified ISO 27701 Lead Implementer (PECB)
• Certified ISO 27701 Lead Auditor (PECB)

You may also be interested in these services and trainings:
• Education: Compliance management in the business system
• Education: Why and how to manage information security systems
• Service: Compliance management
• Service: Anti-corruption system management (ISO 37001)

Why ZIH?

ZIH has more than 20 years of rich experience in implementing security and privacy management systems, implementing security measures in accordance with the requirements of the General Data Protection Regulation (GDPR), and providing training in the aforementioned areas.



CONTACT

Trg Antuna, Ivana i Vladimira Mažuranića 8, 10 000 Zagreb

Telephone: +385 1 4855 271
Fax: +385 1 4855 272
E-mail: zih@zih.hr

IBAN: HR7423400091100013041

OIB: 34774399108

Copyright © 2022. ZIH

Privacy policy

Design and programming: Prospekt d.o.o.