Today we want to talk about a data privacy framework.
In recent years, data privacy has become a focus for security professionals. There are many guides and frameworks on data privacy or data governance, but these standards generally do not focus only on data. They also cover general security, project management, BCP, and other areas.
In this situation, IT auditors and security managers need a specific framework or control list that focuses only on data privacy. The NOREA Guide Privacy Control Framework was developed for this need. In their own words:
“NOREA Guide Privacy Control Framework is issued by NOREA, the professional association of IT-auditors in the Netherlands and was developed for Dutch chartered IT-auditors (Register IT auditors, RE’s) to guide them to issue privacy control reports under the EU-General Data Protection Regulation (GDPR) and the International Standards on Assurance Engagements (ISAE). The Privacy Control Framework (PCF) provides the suitable criteria.
The PCF was built by a working group of NOREA between November 2017 and April 2018. The initial efforts were further elaborated and structured into this document, which was peer-reviewed and subsequently submitted for approval to NOREA’s Professional Practices Committee (“Vaktechnische Commissie”) on March 27th 2018.”
The framework incorporates GDPR requirements too, so you can use these controls for a compliance check against GDPR.
The control objectives prescribed by the Privacy Control Framework have been defined by making use of, for example, the following ‘best practice’ frameworks (as stated by Koetsier and Ougajou in their thesis and subsequent publication in “De IT-auditor”):
- GAPP Principles – issued by the AICPA/CICA
- NIST SP800-R53 Privacy Control Catalog
- The NOREA Raamwerk Privacy Audit
- EuroPriSe framework.
We won’t include a link to the document here because it may change with future versions, but you can easily find it by searching the web.