The model above describes, at a basic level, how privacy (data protection) and information security relate to each other and why both are indispensable when implementing technical measures in an organization's IT landscape.
The model shows that the GDPR and the information security principles overlap to a considerable extent. This is especially clear for the CIA triad (Confidentiality, Integrity and Availability) on which ISO 27001 is built: it maps directly onto the GDPR's integrity and confidentiality principle (Article 5(1)(f)) and its security-of-processing requirement (Article 32), which apply to personal data at rest, in transit and while being processed. Other GDPR principles with a direct counterpart in information security are, for example, accuracy (Article 5(1)(d)) and storage limitation, i.e. how long data is retained (Article 5(1)(e)).
When implementing privacy laws and regulations together with information security control objectives in an organization's application landscape, the model forms the basis for a comprehensive approach as part of Privacy & Security by Design.
Transformation towards Cloud
The IT transformation towards cloud is a trend in most corporate enterprises and increasingly in SMEs as well. It comes, however, at a considerable price, because the existing and mostly legacy IT landscape is complex. That complexity is an extra challenge when implementing system, network and application controls to reduce risk and to comply with laws and regulations.
For implementing application controls in an organization's application landscape, the model gives the basic overview and outlines the need to translate laws, regulations and international security frameworks into application and other controls, based on the organization's current enterprise data models and business processes.
The model can be seen as an overlay on the overall enterprise IT architecture and reduces the complexity of implementing controls in the IT landscape.
InformationSecure has the experience to assess, advise on and implement IT transformation in your organization on the basis of this model and the best practices related to it.