M5.2.4 - DATA PROTECTION AND PRIVACY OF PERSONAL INFORMATION Implementation Guidance
The entity shall ensure data protection and privacy as required in relevant legislation, regulations, and, if applicable, contractual clauses.
Back to M5.2.4 - P3 -DATA PROTECTION AND PRIVACY OF PERSONAL INFORMATION
An organizational data protection and privacy policy should be developed and implemented. This policy should be communicated to all persons involved in the processing of personal information.
Compliance with this policy and all relevant data protection legislation and regulations requires appropriate management structure and control. Often this is best achieved by the appointment of a person responsible, such as a data protection officer, who should provide guidance to managers, users, and service providers on their individual responsibilities and the specific procedures that should be followed. Responsibility for handling personal information and ensuring awareness of the data protection principles should be dealt with in accordance with relevant legislation and regulations. Appropriate technical and organizational measures to protect personal information should be implemented.
Back to M5.2.4 - P3 -DATA PROTECTION AND PRIVACY OF PERSONAL INFORMATION
