The European Union introduces the GDPR, which is effective May 2018.
It lists 6 types of legal basis for the processing of personal data, one of which is consent by the data subject. (http://www.privacy-regulation.eu/en/6.htm)
NISTIR-8112 has a privacy section that puts focus on consent. This is however just one possible legal basis for processing of personal data.
Suggested Change:
In the privacy section, introduce 'legal basis' defined as 'legal basis for processing of the personal data'. In the EU, possible values would be:
"consent"
"contract"
"legal obligation"
"vital interest of data subject"
"public interest"
"legitimate interest pursued by data controller"
Organization: 2 www.iWelcome.com
Type:
IDaaS provider
Reference (Include section and paragraph number):
3.2.1.4 Privacy