Content library
Digital security overview
59: Henkilötietojen käsittelyn roolit ja vastuut

How to fill the requirement

Digital security overview

59: Henkilötietojen käsittelyn roolit ja vastuut

Task name
Priority
Status
Theme
Policy
Other requirements
Appointment, tasks and position of a Data Protection Officer (DPO)
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Privacy
Security and responsibilities
requirements

Task is fulfilling also these other security requirements

38. Position of the data protection officer
GDPR
39. Tasks of the data protection officer
GDPR
37. Designation of the data protection officer
GDPR
18.1.4: Privacy and protection of personally identifiable information
ISO27 Full
6.6: Yleiset
Self-monitoring
1. Task description

Our organization has determined whether a data protection officer should be appointed and, if so, made an appointment.

The Data Protection Officer shall be appointed if:

  • the organization handles sensitive information on a large scale
  • the organization monitors people on an extensive, regular, and systematic basis
  • the organization is a public administration actor

In addition to the appointment, it is essential to regularly assess whether the Data Protection Officer is acting in the role and performing the tasks required by the Data Protection Regulation.

Personnel guidelines for safe processing of personal and confidential data
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Privacy
Processing principles and accountability
requirements

Task is fulfilling also these other security requirements

29. Processing under the authority of the controller or processor
GDPR
7.2.2: Information security awareness, education and training
ISO27 Full
18.1.4: Privacy and protection of personally identifiable information
ISO27 Full
12.1.1: Documented operating procedures
ISO27 Full
11.2.8: Unattended user equipment
ISO27 Full
1. Task description

The Data Protection Officer (or other responsible person) has drawn up operating instructions for personnel handling personal data. In addition, the Data Protection Officer is ready to advise the controller, personal data processing partners or their own staff on compliance with GDPR or other data protection requirements.

Data store listing and owner assignment
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Privacy
Processing principles and accountability
requirements

Task is fulfilling also these other security requirements

5 §: Tiedonhallintamalli ja muutosvaikutuksen arviointi
TiHL
6. Lawfulness of processing
GDPR
5. Principles relating to processing of personal data
GDPR
8.1.1: Inventory of assets
ISO27 Full
6.7: Asiakas- ja potilastietojärjestelmät, niihin liitetyt tietojärjestelmät ja muut tietojärjestelmät
Self-monitoring
1. Task description

Organisation must maintain a listing of controlled data stores and their owners. Owner is responsible for completing the documentation and other possible security actions directly related to the data store.

Data store documentation must include at least:

  • Connected responsibilities
  • Data processing purposes (covered in a separate task)
  • Data sets included in the data store (covered in a separate task)
  • Data disclosures (covered in a separate task)
  • When necessary, data stores connections to action processes
No items found.