iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

EN 17799:2023

(Main)

Personal data protection requirements for processing operations

Personal data protection requirements for processing operations

This document specifies baseline requirements for demonstrating processing activities compliance with the European personal data protection normative framework in accordance with EN ISO/IEC 17065. It does not however apply to products or management systems destined for processing personal data.
This document is applicable to all organizations which, as personal data controllers and/or processors, process personal data, and its objective is to provide a set of requirements enabling such organizations to conform effectively with the European personal data protection normative framework.
An organization can decide that the standard is applicable only to a specific subset of its processing activities if such a decision does not involve failure to conform with the European personal data protection normative framework.
This document also provides indications for conformity assessment with the aforementioned requirements.

Anforderungen an den Datenschutz bei Verarbeitungsvorgängen

Dieses Dokument legt die grundlegenden Anforderungen für den Nachweis fest, dass die Verarbeitungs¬tätigkeiten dem europäischen normativen Bezugsrahmen für den Schutz personenbezogener Daten in Über¬einstimmung mit EN ISO/IEC 17065 entsprechen. Es gilt jedoch nicht für Produkte oder Management¬systeme, die für die Verarbeitung personenbezogener Daten vorgesehen sind.
Dieses Dokument gilt für alle Organisationen, die – als für die Datenverarbeitung Verantwortliche („Verantwortlicher“) und/oder Auftragsverarbeiter – personenbezogene Daten verarbeiten, und sein Ziel ist es, eine Reihe von Anforderungen bereitzustellen, die es diesen Organisationen ermöglichen, sich wirksam an den europäischen normativen Bezugsrahmen für den Schutz personenbezogener Daten anzupassen.
Eine Organisation kann beschließen, dass die Norm nur auf eine bestimmte Untergruppe ihrer Verarbei¬tungstätigkeiten anwendbar ist, wenn eine solche Entscheidung nicht die Nichteinhaltung des normativen europäischen Bezugsrahmens für den Schutz personenbezogener Daten beinhaltet.
Dieses Dokument enthält auch Angaben für die Bewertung der Konformität mit den vorgenannten Anforderungen.

Exigences de protection des données à caractère personnel pour les opérations de traitement

Le présent document spécifie des exigences de base pour démontrer la conformité des activités de traitement au cadre normatif européen de protection des données à caractère personnel, conformément à l'EN ISO/IEC 17065. Il ne s'applique cependant pas aux produits ou systèmes de management destinés au traitement des données à caractère personnel.
Le présent document est applicable à tous les organismes qui, en tant que responsables de traitement et/ou sous-traitants, traitent des données à caractère personnel, et son objectif est de fournir un ensemble d'exigences permettant à ces organismes de se conformer efficacement au cadre normatif européen de protection des données à caractère personnel.
Un organisme peut décider que la norme n'est applicable qu'à un sous-ensemble spécifique de ses activités de traitement si une telle décision n'implique pas une non-conformité avec le cadre normatif européen de protection des données à caractère personnel.
Le présent document fournit également des indications pour l'évaluation de la conformité avec les exigences susmentionnées.

Zahteve za varstvo osebnih podatkov za postopke obdelave

Ta dokument določa osnovne zahteve za podpiranje mehanizma potrjevanja za varstvo podatkov, kot ga zahteva 42. člen splošne uredbe o varstvu podatkov za izkazovanje skladnosti s standardom EN ISO/IEC 17065.
Dokument se ne uporablja za izdelke ali sisteme upravljanja, zasnovane za obdelavo osebnih podatkov.
Ta dokument se uporablja za vse organizacije, ki kot upravljavci in/ali obdelovalci osebnih podatkov
obdelujejo osebne podatke, njegov cilj pa je zagotoviti nabor zahtev, ki podpirajo te organizacije pri izkazovanju skladnosti z normativnim okvirom EU na področju varstva osebnih podatkov.
Ta dokument se uporablja za vse dejavnosti obdelave organizacije ali za poseben podsklop teh dejavnosti, če ta odločitev ne vključuje neskladnosti z normativnim okvirom EU na področju varstva osebnih podatkov.
Ta dokument prav tako določa navedbe za ugotavljanje skladnosti z zgoraj navedenimi zahtevami.

General Information

Status
Published
Publication Date
24-Oct-2023
ICS
03.120.20 - Product and company certification. Conformity assessment
03.160 - Law. Administration
Technical Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Drafting Committee
CEN/CLC/JTC 13/WG 5 - Data Protection, Privacy and Identity Management
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Start Date
25-Oct-2023
Due Date
11-Jul-2022
Completion Date
25-Oct-2023
Ref Project
SIST EN 17799:2024 - Personal data protection requirements for processing operations

Buy Standard

EN 17799:2024EN 17799:2024
PreviousNext
Standard
EN 17799:2024
English language
25 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-april-2024
Zahteve za varstvo osebnih podatkov za postopke obdelave
Personal data protection requirements for processing operations
Anforderungen an den Datenschutz bei Verarbeitungsvorgängen
Exigences de protection des données à caractère personnel pour les opérations de
traitement
Ta slovenski standard je istoveten z: EN 17799:2023
ICS:
03.160 Pravo. Uprava Law. Administration
35.020 Informacijska tehnika in Information technology (IT) in
tehnologija na splošno general
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN 17799
NORME EUROPÉENNE
EUROPÄISCHE NORM
October 2023
ICS 03.120.20; 03.160
English version
Personal data protection requirements for processing
operations
Exigences de protection des données à caractère Anforderungen an den Datenschutz bei
personnel pour les opérations de traitement Verarbeitungsvorgängen
This European Standard was approved by CEN on 4 September 2023.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2023 CEN/CENELEC All rights of exploitation in any form and by any means
Ref. No. EN 17799:2023 E
reserved worldwide for CEN national Members and for
CENELEC Members.
Contents Page
European foreword . 4
Introduction . 5
1 Scope . 6
2 Normative references . 6
3 Terms and definitions . 6
4 Overview . 7
5 Planning . 7
5.1 General. 7
5.2 Understanding the needs and expectations of interested parties . 7
5.3 Scope of personal data processing activities . 7
5.3.1 General. 7
5.3.2 Records of data processing activities . 8
5.3.3 Identification of the legal basis . 8
5.3.4 Data minimization . 9
5.3.5 Retention periods . 9
5.4 Policy for personal data protection . 9
5.5 Roles and responsibilities . 10
5.5.1 General. 10
5.5.2 Internal roles . 11
5.5.3 External roles . 11
5.6 Risk management . 12
5.6.1 General. 12
5.6.2 Data protection risk assessment and impact analysis . 12
5.6.3 Evaluation of the impact on data protection . 13
5.6.4 Risk treatment and treatment plan . 14
5.7 Personal data protection by design and by default . 14
6 Operational activities . 15
6.1 General. 15
6.2 Data protection notices and consent . 15
6.2.1 Data protection notices . 15
6.2.2 Consent . 15
6.3 Update of roles . 16
6.4 Personal data protection . 16
6.4.1 Erasure of data . 16
6.4.2 Implementation and maintenance of security measures . 16
6.4.3 Management of personal data breaches . 17
6.5 Data subjects’ requests for the application of their rights. 18
6.5.1 General. 18
6.5.2 Data access . 18
6.5.3 Correction . 18
6.5.4 Erasure. 19
6.5.5 Restriction of processing . 19
6.5.6 Data portability . 19
6.5.7 Objections . 19
6.5.8 Automated decisions, including profiling . 20
6.5.9 Complaints and appeals . 20
6.6 Training and awareness . 20
7 Control . 20
7.1 General . 20
7.2 Internal audits . 20
7.3 Periodical report. 21
7.4 Nonconformities and corrective actions . 22
Annex A (informative) Controllers and processors requirements mapping . 23
Bibliography . 25
European foreword
This document (EN 17799:2023) has been prepared by Technical Committee CEN/CLC/JTC 13
“Cybersecurity and Data Protection”, the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by April 2024, and conflicting national standards shall be
withdrawn at the latest by April 2024.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
According to the CEN-CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia,
Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland,
Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North
Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the United
Kingdom.
Introduction
Personal data protection is regulated throughout European Union according to laws, the most important
of which is the EU Regulation 2016/679 (hereafter referred to as “Regulation” or “GDPR”). This regulates
the protection of natural persons with regard to the processing of personal data but does not
contextualise it in a set of consequential or related activities.
Moreover, the Regulation refers to the establishment of data protection certification mechanisms and of
data protection seals and marks, for the purpose of demonstrating compliance with the regulation of
processing operations by controllers and processors.
Those efforts will also provide a solid basis for GDPR conformance and alignment of the European data
protection landscape with global standards. The focus of those standards is fundamentally different since
they are aimed to a management system and not to services and processes as the current document is.
ISO/IEC 27701 has been adopted as an EN, and CEN/CLC JTC 13 is undertaking a new work item on its
“Refinements in European context”. Those efforts will also provide a solid support for GDPR conformance
and alignment of the European data protection landscape with global norms. The focus of those standards
is however fundamentally different since they are aimed at a management system and not to services and
processes as the current document.
1 Scope
This document specifies baseline requirements intended to support the data protection certification
mechanism requested by Article 42 of the GDPR to demonstrate compliance in accordance with
EN ISO/IEC 17065.
It does not however apply to products or management systems destined for processing personal data.
This document is applicable to all organizations which, as personal data controllers and/or processors,
process personal data, and its objective is to provide a set of requirements supporting such organizations
in demonstrating compliance with the EU personal data protection normative framework
This document is applicable to all of an organization’s processing activities or to a specific subset of these
if such a decision does not involve failure to conform with the EU personal data protection normative
framework.
This document also provides indications for conformity assessment with the aforementioned
requirements.
2 Normative
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN 1888-3:2024(Main)
Child care articles - Wheeled child conveyances - Part 3: Pushchairs intended for leisure sport activities
kSIST FprEN 1888-3:2024

This document specifies the safety requirements of pushchairs when used for running/jogging or skating (excluding ice skating), intended for the transport of one or two children up to 15 or 22 kg each.
Pushchairs intended to transport the carer while pushing (e.g. the combination of longboard and stroller) are excluded from the scope of this document.
This document applies in conjunction with and in addition to the European standards EN 1888 1:2018+A1:2022 or EN 1888-2:2018+A1:2022 and it cannot be used separately.
If the product has several functions or can be converted into another function, the relevant European standards apply to it.

  • Draft
    22 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 15877-1:2024(Main)
Railway applications - Markings of railway vehicles - Part 1: Freight wagons
kSIST FprEN 15877-1:2024

This document specifies the markings on heavy rail freight wagons, or parts of heavy rail freight wagons, relating to their technical, operational and maintenance characteristics. It specifies the characteristics of these markings, the requirements pertaining to their presentation, their shape and position on a rail vehicle and their meaning. Some markings are accompanied with (a) note(s), where appropriate.
Tank manufacturers’ design criteria, test and product specification plates have not been considered in this document as they are specified in EN 12561 1:2011.
Where fully specified in RID [14] dangerous goods markings have not been considered in this document (dimensions, colour, location and form). Where markings are not fully specified in RID they are included in this document.

  • Draft
    126 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 2884:2024(Main)
Aerospace series - Screws, pan head, offset cruciform recess, coarse tolerance normal shank, short thread, in titanium alloy, anodized, MoS2 lubricated - Classification: 1 100 MPa (at ambient temperature)/315 °C
kSIST FprEN 2884:2024

This document specifies the characteristics of screws, pan head, offset cruciform recess, coarse tolerance normal shank, short thread, in titanium alloy, anodized, MoS2 lubricated.
Classification: 1 100 MPa /315 °C ·

  • Draft
    11 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 12159:2024(Main)
Builders hoists for persons and materials with vertically guided cages
kSISTF prEN 12159:2022

1.1   This document specifies power operated temporarily installed builders’ hoists (referred to as “hoists” in this document) intended for use by persons who are permitted to enter sites of engineering and construction, serving landing levels, having a cage:
-   designed for the transportation of persons or of persons and materials;
-   guided;
-   travelling vertically or along a path within 15° max. of the vertical;
-   supported or sustained by rack and pinion;
-   designed with and / or without support from separate structure.
1.2   This document specifies the significant hazards, hazardous situations or hazardous events relevant to the machine as listed in Annex C which arise during the various phases in the life of the machine and describes methods for the elimination or reduction of these hazards when it is used as intended and under conditions of misuse which are reasonably foreseeable by the manufacturer.
1.3   This document does not specify the additional requirements for:
-   operation in severe conditions (e.g. extreme climates, strong magnetic fields);
-   lightning protection;
-   operation subject to special rules (e.g. potentially explosive atmospheres);
-   electromagnetic compatibility (emission, immunity);
-   handling of loads the nature of which could lead to dangerous situations (e.g. molten metal, acids/bases, radiating materials, fragile loads);
-   the use of combustion engines;
-   the use of remote controls;
-   hazards occurring during manufacture;
-   hazards occurring as a result of mobility;
-   hazards occurring as a result of being erected over a public road;
-   earthquakes;
-   emission of airborne noise;
-   dual (twin) cage hoists;
-   twin masts hoists;
-   combination hoists, e.g. an EN 12159 hoist with an EN 12158-1 hoist;
-   counterweighted hoists, neither by separate counterweight nor counterweighted by another cage.
1.4   This document does not apply to:
-   builders’ hoists for the transport of goods only EN 12158-1:2021 and EN 12158-2:2000+A1:2010;
-   lifts according to EN 81-20:2020, EN 81-3:2000+A1:2008 and EN 81-43:2009;
-   work cages suspended from lifting appliances;
-   work platforms carried on the forks of fork trucks;
-   work platforms according to EN 1495:1997+A2:2009  ;
-   transport platforms according to EN 16719:2018;
-   funiculars;
-   lifts specially designed for military purposes;
-   mine lifts;
-   theatre elevators;
-   hoists with hydraulic drive/braking systems and hydraulic safety devices.
1.5   This document specifies the hoist installation. It includes the base frame and base enclosure but excludes the design of any concrete, hard core, timber or other foundation arrangement. It includes the design of mast ties but excludes the design of anchor bolts to the supporting structure. It includes the landing gates and their frames but excludes the design of any anchorage fixing bolts to the supporting structure.
1.6   This document does not apply to builders’ hoists for persons and material with vertically guided cages which are manufactured before the date of publication of this document by CEN.

  • Draft
    65 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 4013:2024(Main)
Aerospace series - Shank nut, self-locking, in heat resisting nickel base alloy NI PH2601 (Inconel 718), silver plated - Classification: 1 550 MPa (at ambient temperature)/600 °C
kSIST FprEN 4013 rev:2024

This document specifies the characteristics of self-locking, shank nuts, in NI-PH2601, silver plated, for aerospace applications.
Classification: 1 550 MPa /600 °C .

  • Draft
    7 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 13991:2024(Main)
Derivatives from coal pyrolysis - Coal tar based oils: creosotes - Specifications and test methods
kSIST FprEN 13991:2024

This document specifies the requirements and the test methods for creosotes for industrial wood preservation.
Different grades of creosote are used depending on the desired properties of the treated wood.
WARNING — The use of this document can involve hazardous materials, operations and equipment. This document cannot address all of the safety implications associated with its use. It is the responsibility of the user of this document to establish appropriate health and safety practices and assess the applicability of regulatory limitations prior to use. The warnings to use are covered in Annex C.

  • Draft
    16 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 915:2024(Main)
Gymnastic equipment - Asymmetric bars - Requirements and test methods including safety
kSIST FprEN 915:2024

This document specifies functional requirements (see Clause 4) and specific safety requirements in addition to the general safety requirements in EN 913:2018+A1:2021 (see Clause 5).
This document is applicable to 2 types of asymmetric bars (see Table 1) intended for use under supervision of a competent person.

  • Draft
    10 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 21420:2020/A1:2024(Amendment)
Protective gloves - General requirements and test methods - Amendment 1 (ISO 21420:2020/Amd 1:2022)
SIST EN ISO 21420:2020/oprA1:2022
  • Draft
    6 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 11890-2:2020/A1:2024(Amendment)
Paints and varnishes - Determination of volatile organic compounds(VOC) and/or semi volatile organic compounds (SVOC) content - Part 2: Gas-chromatographic method - Amendment 1 (ISO 11890-2:2020/Amd 1:2024)
SIST EN ISO 11890-2:2020/kFprA1:2024
  • Draft
    6 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17983:2024(Main)
Algae and algae products - Measurement for renewable algal raw material for energy and non-energy applications
SIST EN 17983:2024

This document specifies methods for the measurement of energy content and main elements balances of algae from cultivation or from wild growth and algae products to provide biomass, intended for renewable algal raw material used as bioenergy and in bio-based products.
This document also specifies carbon source parameters specific to algae as bio-based and it is applicable to studies covering algae production life cycle assessment (LCA) e.g. algal biomass farming or wild collection.
This document does not apply to methods of algae and algae products sampling, harvesting and pre/postprocessing.
This document does not apply to algae and algae products intended for the food and feed sector.

  • Standard
    32 pages
    English language
    sale 10% off
    e-Library read for
    1 day