Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Comparison of notice requirements for consent between ISO/IEC 29184:2020 and General Data Protection Regulation
Journal of Data Protection & Privacy,
4
(2),
193-204
(2021)
Abstract
This paper analyses the ISO/IEC 29184:2020 standard and compares its requirements for notice and consent with those specified by the General Data Protection Regulation (GDPR). More specifically, it considers the extent to which the ISO/IEC 29184 standard can be applied to demonstrate compliance with the requirements of the GDPR and to identify the additional requirements in areas where it is not sufficient. The paper concludes with remarks on the potential role of ISO/IEC 29184 as a certification mechanism under the GDPR for consent and notice.
Keywords: consent; notice; GDPR; regulatory compliance; privacy; ISO
The full article is available to subscribers to the journal.
Author's Biography
Harshvardhan J. Pandit is a Research Fellow in the ADAPT SFI Centre at Trinity College Dublin. His PhD thesis investigated the ontological representation of activities associated with processing of personal data and consent for GDPR compliance. He currently works in areas of privacy risks, consent and its documentation, and regulatory compliance.
