OBLIGATION TO IMPLEMENT TECHNICAL MEASURES FOR DATA PROTECTION BASED ON EU GDPR
Abstract
On 25 May 2018 the General Data Protection Regulation (GDPR) came into force in all member states of the European Union. Protecting the rights and freedoms of individuals with regard to the processing of personal data requires that appropriate technical and organizational measures be taken to ensure compliance with the requirements of this Regulation. For breaches of the provisions relating to the security of processing, administrative fines of up to EUR 10 000 000 are envisaged, or, in the case of an undertaking, up to 2 % of the total worldwide annual turnover of the preceding financial year, whichever is higher. In this paper we present the obligation to implement appropriate technical and organizational measures for the protection of personal data, and show how conformity can be demonstrated through the use of international standards.
Full Text: PDF (Serbian)
FBIM Transactions