摘要
歐洲隱私權法規-一般資料保護規定(EU General Data Protection Regulation, 簡稱GDPR)於2016年正式發布並以於2018年5月25日生效,ISO標準組織為因應GDPR合規及加強隱私保護完整性,在內容上以隱私保護為核心並進行全面性的規範,以確保組織內隱私保護、資料的安全性、完整性及可用性,並且有效進行管控,著手起草ISO/IEC 27552,後以ISO/IEC 27701: 2019進行發布。為瞭解ISO/IEC 27701: 2019以及ISO/IEC 275522^(nd) CD內容差異進行比對,對照GDPR於ISO/IEC 27701: 2019以及ISO/IEC 275522^(nd) CD中,所列項目完整度是否無對應上的缺漏。也同時比較ISO/IEC 27001: 2013、ISO/IEC 27002: 2013、ISO/IEC29100: 2011、ISO/IEC 29151: 2017與ISO/IEC 27018: 2019完整度及對應上項目差異。
並列摘要
The EU General Data Protection Regulation (GDPR) was officially released in 2016, and took effect on May 25, 2018. The International Organization for Standardization (ISO) considered improving privacy protection a core subject in the new GDPR compliance. To ensure adequate privacy protection, data security, integrity, availability and effective management and control within an organization (the "Items"), ISO began the drafting of ISO/IEC 27552, and then ISO/IEC 27701: 2019 was released. In order to understand the differences between ISO/IEC 27701: 2019 and ISO/IEC 27552 2^(nd) CD, we further compared the incorporation of GDPR provisions in ISO/IEC 27701: 2019 and ISO/IEC 27552 2^(nd) CD to find out whether the protection provided by these two ISOs for the Items was adequate. In this paper, we also discuss and compare ISO/IEC 27701: 2019 with other standards, such as ISO/IEC 27001: 2013, ISO/IEC 27002: 2013, ISO/IEC 29100: 2011, ISO/IEC 29151: 2017 and ISO/IEC 27018: 2019, to find the differences in their protection of the Items.