GDPR Article 20 deals with a data subject’s right to receive a copy of their data, as soon as it’s been collected, and throughout the processing operation.
When providing the data to the subject, organisations need to ensure that it’s easily-accessible, in a common format, and free from any errors.
Right to data portability
Right to data portability
There are four key rights to consider, when discussing the concept of data portability:
In this section we talk about GDPR Articles 20 (1), 20 (2), 20 (3) and 20 (4)
ISO requires organisations to provide a copy of an individual’s data in an easily-accessible format that’s clear, error-free and pertains only to the person who made the request.
If data has been de-identified, organisations should not attempt to re-identify PII, unless legally required to do so.
Organisations should also adhere to their responsibilities regarding the direct transfer of PII to another organisation.
GDPR Article | ISO 27701 Clause | ISO 27701 Supporting Clauses |
---|---|---|
EU GDPR Articles 20 (1) to 20 (4) | ISO 27701 7.3.8 | None |
Although GDPR is a standalone regulation that you can get certified for independently, there is great benefit in taking a complementary approach alongside other key ISO standards.
For example, as a risk management standard, ISO 27001 provides comprehensive controls around the protection of information assets, while ISO 27701 provides the same, but with a specific focus on data privacy. Approaching GDPR alongside one or both of these standards will give you and your customers maximum assurance.
Our intuitive platform makes it easy to work towards multiple information security and data privacy goals, mapping your work across multiple standards and frameworks, cutting out duplication and repetition where they intersect.
After you’ve successfully achieved ISO 27001, ISO 27701 or GDPR certification, you’re in an excellent position to expand your data privacy posture to include one of our other regional privacy frameworks:
Find out more by Booking a hands on demo.
It helps drive our behaviour in a positive way that works for us
& our culture.