Identification of assets in the process of privacy protection

Abstract

Currently, the issue of personal data protection is a topical issue, because of the expected approval of the Personal Protection Act in the Slovak Republic, which will be the transposition of GDPR. The paper provides a guidance on identifying of assets and interrelated or interacting activities in connection with the process of identifying, analysing, evaluating, consulting, communicating and planning the treatment of potential privacy impacts with regard to the processing of personally identifiable information, framed within an organization’s broader risk management framework. In the context of a privacy risk management process, personally identifiable information will be considered as an asset. For the purposes of this article, the terms and definitions given in ISO / IEC 29100, ISO / IEC 29134, ISO / IEC 27000, ISO / IEC 27005, ISO Guide 73 will be used.