Fundamentals
fccDataPrivacy is essentially based on the following principles:
- Legal basis
- GDPR (EU General Data Protection Regulation)
- nDSG (the revised Swiss Data Protection Act)
- Standards
In addition to the well-known standards such as BSI-Grundschutz or ISO 27001 in the area of information security, a new group of standards has been established especially for the SME sector, which substantially reduces the rather high planning and implementation costs of BSI-Grundschutz and ISO 27001.
- VdS 10000 (Edition 2018-12)
VdS 10000 describes the implementation of an information security management system. It can be seen as the "little sister" of ISO 27001: with 20% of the effort required, 80% of the security level of ISO 27001 can be achieved (statement by VdS).
Anyone who still wants to switch to ISO 27001 at a later date can do so on the basis of the work already done on VdS 10000.
https://vds.de/en/expertise/cyber-security
- VdS 10010 (2017-12 edition)
VdS 10010 describes guidelines for the implementation of the GDPR. With the compact guide, which is specially tailored to small and medium-sized enterprises, the legal, organisational and technical requirements of the GDPR can be implemented in a clearly structured manner and with manageable effort.
https://vds.de/en/expertise/cyber-security/certification/data-protection-for-smes-vds-10010-in-accordance-with-gdpr
Also important: a certification process exists for both standards.
fccDataPrivacy is essentially based on the VdS standards VdS 10000 (information security) and VdS 10010 (data protection).
- Relevant technical literature.