Resource Identifier: GDPR-Regulation 2016/679 Crosswalk by Enterprivacy Consulting Group
Source Name: Regulation (EU) 2016/679 (General Data Protection Regulation)
Contributor: Enterprivacy Consulting Group (R. Jason Cronk)
Contributor GitHub Username: @privacymaverick
Date First Posted: July 2, 2020
Date Last Verified or Updated: n/a
Related Documentation: n/a
Contributor Notes: To make it easier for readers, rather than a single column, I've split the GDPR by Chapters and Sections.
Methodology: I want to thank Microsoft, as I first used their mapping of GDPR to ISO 27701 through their Data Protection Mapping Project. I then further utilized their mapping from ISO 27701 to the NIST Privacy Framework (initially provided in their public comments on the draft version of the framework). From there I manually reviewed each link between a subcategory in the NIST Privacy Framework and corresponding item in the GDPR. Because there are items in the NIST Privacy Framework and GDPR that are not part of the ISO 27701 standard, I found numerous missed connections. I found some where the final NIST<->GDPR connection didn't make sense, even though the intermediary NIST->ISO and ISO->GDPR connections were appropriate. Next I solicited feedback from professional associates (many thanks to those who contributed their thoughts).
Disclaimer: While every effort has been made to be complete and provide as much detail as necessary, no guarantee or warranty is provided on the accuracy or completeness of this mapping. You should use it as a starting point for your own analysis.