NOTAS: | "As security of personal data processing is a key obligation for data controllers and processors under the General Data Protection Regulation Article 32, ENISA has proposed in 2018 a risk-based approach for the adoption of security measures for the protection of personal data. Following this, a number of use cases has also been provided to demonstrate the use of the risk-based approach in practice,
together with an analysis of the different security measures (and possible implementation options). In order to support the practical implementation of the aforementioned ENISA’s guidance, an online platform was developed, which consolidates and simplifies the risk-based adoption of security measures for all interested parties. This report presents the focus and main functionalities of the ENISA’s online platform for the security of personal data processing. This platform is only one tool, which cannot replace the need of a greater compliance and accountability framework for personal data protection on the data controllers or data processors side. Moreover, the use of the ENISA approach can be beneficial for organisations only if the special characteristics of personal data security are adequately embraced and integrated with security risk management methodologies." |