Monika Wójtowicz, LL.M. European Privacy Seal Certification of evaluators and the application procedure from the perspective of an EuroPriSe evaluator.

Presentation transcript:


EuroPriSe Expert Admission Procedure - Objectives -
- Admission procedure ensures:
  - quality, consistency and comparability of evaluation results
  - independence and reliability of experts
© TÜV Informationstechnik GmbH – Member of TÜV NORD GROUP

EuroPriSe Expert Admission Procedure - Requirements -
- Proof of qualification: legal and/or technical
  - Self-declaration
  - Training and work specimens
  - Workshop & training evaluation
- Proof of reliability and independence
  - Self-declaration
- Admittance by certification body
- Agreement

EuroPriSe Expert Admission Procedure - Proof of qualification -
- Self-declaration from applying experts with respect to proficiency
- General professional experience
  - Three years with higher education or five years without higher education
- Sufficient professional experience in auditing, assessing or evaluation related to privacy and data protection, either on legal or on technical aspects
- Legal experts additionally: higher education (e.g. bachelor, master, diploma) in law

EuroPriSe Expert Admission Procedure - Proof of reliability and independence -
- Self-declaration from applying experts with respect to independence, reliability and liability insurance coverage
- Reliability
  - A potential expert is not reliable if he or she has been convicted of major crimes, including fraud and forgery of documents, or of breaking regulations on data protection, or if he or she lives in unsatisfactory financial circumstances (such as current insolvency proceedings) or has previously been dismissed as an expert by an accreditation body.
- Independence
  - An expert lacks independence with respect to the seal applicant if he or she is not independent with respect to the evaluation assessments (e.g. due to involvement in the development process of the evaluated object or because of directives from employers or clients) or if the revenue derived from the client amounts to 80% or more of the overall revenue of the expert or his or her employer.
  - A declaration of independence is required for each individual evaluation.

EuroPriSe Expert Admission Procedure - Expert-Workshop objectives -
- To get accustomed to the evaluation scheme and the report templates
- To get a feeling for the complexity of the scheme (time, effort)
- To get familiar with EuroPriSe procedures and criteria
- To receive a tutorial for real-case evaluations, including a training evaluation on an exercise IT product or IT-based service

EuroPriSe Expert Admission Procedure - Workshop – procedures, criteria and documents -
- EuroPriSe Criteria
- EuroPriSe Commentary for Experts
  - lists the criteria and relevant questions
  - Commentary on interpretation of criteria (European Court rulings, WP29)
  - provides additional hints for EuroPriSe Experts (in particular on how to write an evaluation report)
- EuroPriSe Manual
  - Information on how to conduct an evaluation and on evaluation reports
- Templates
  - Confidential Report
  - Public Report

EuroPriSe Expert Admission Procedure - Workshop – training evaluation -
- Group training on:
  - How to find out the Target of Evaluation (ToE)
  - How to start an evaluation
  - Discussion of the first evaluation results
  - Presentation of sample cases of evaluation and ToE-examples
Subsequent to the Workshop: Compilation of training evaluation at home

EuroPriSe Expert Admission Procedure - Homework – steps to take -
- Step 1: Definition of a Target of Evaluation and analysis of its environment
  - all types of data
  - data flow
  - ToE components
  - architecture
  - intended environment of operation and the area of application (relevant for the regulatory analysis)
  - single processes
  - all interfaces
- Step 2: Selection of the applicable criteria
  - Based on the regulatory analysis
  - Legal experts: sets 1, 2 and 4 of the criteria catalog; technical experts: sets 1, 3 and 4
- Step 3: Evaluation with respect to selected criteria
  - Decide and explain whether and why criteria requirements are met
- Step 4: Compilation of a comprehensive report
  - Content: Steps 1-3 and final evaluation results

EuroPriSe Admission Procedure - Homework – criteria sets -
- Set 1. Fundamentals, e.g. purpose, avoidance, transparency
- Set 2. Legitimacy of Data Processing, e.g. legal basis
  - Legal Basis for the Processing of Personal / Sensitive / Traffic and Location Data
  - Special Requirements to Different Processing Phases
  - Compliance with Data Protection Principles and Data Protection Duties
  - Special Types of Processing Operations
  - Formalities
- Set 3. Technical-Organisational Measures
  - General, e.g. unauthorised access
  - Specific, e.g. encryption
- Set 4. Data Subjects’ Rights

EuroPriSe Expert Admission Procedure - Homework – requirements -
- pages
- Time effort: about 16 h
- Time limit for completing the training report: 4 weeks

EuroPriSe Expert Admission - Expert Register -
The EuroPriSe Expert Register listing all admitted experts is available at:

EuroPriSe Expert Admission - Validity -
- Admission is granted for three years
- Prolongation:
  - successful completion of a EuroPriSe evaluation or
  - participation in a EuroPriSe Expert enhancement workshop

EuroPriSe Expert Admission Procedure - Benefit for experts -
- Repetition and self-assessment of required data protection knowledge
- Feedback from the certification body on the training evaluation report
- First practical experience with the EuroPriSe certification scheme
- Planning reliability: a feeling for the complexity of the scheme (time, effort) before the first real evaluation

Thank you very much for your attention!
TÜV Informationstechnik GmbH
Member of TÜV NORD GROUP
Monika Wójtowicz, LL.M.
IT-Security
Head of Data Protection Evaluation Center (Legal)
Langemarckstr Essen
Phone: – 535
Fax: – 544
URL: