Security for Privacy on Data Protection Day

Back to News

On 28th January, ENISA joins 47 countries of the Council of Europe and the EU institutions, agencies and bodies, to celebrate the 11th annual European Data Protection Day.

The date marks the anniversary of the Council of Europe's Convention 108 on the protection of personal information, the first legally binding international law in the field of data protection.


Guidelines for SMEs on the security of personal data processing

ENISA shares some of its work in the field of data protection and privacy, with a focus on the  security of personal data processing. The latest report on 'Guidelines for SMEs on the security of personal data processing' attempts to assist in the implementation of the personal data protection regulatory framework by promoting the adoption of security measures to protect privacy.

According to the General Data Protection Regulation, security equally covers confidentiality, integrity and availability, and should be considered following a risk-based approach: the higher the risk, the more rigorous the measures that the controller or the processor needs to take, in order to manage the risk. On this basis and as part of its continuous support on EU policy implementation, the report focuses on SME’s, acting either as data controllers or data processors, and facilitates their understanding on personal data processing operations, and subsequently, on the assessment of the associated security risks.

The objectives of the study are to facilitate SMEs in understanding the context of the personal data processing operation and subsequently assess the associated security risks. Based on that, the study also proposes possible organizational and technical security measures for the protection of personal data, which are appropriate to the risk presented. These measures can be adopted by SMEs in order to achieve compliance with the General Data Protection Regulation (GDPR).

Full report available online 


Further work on privacy and data protection by ENISA include:


PETs controls matrix

PETs controls matrix, a systematic approach and tool for assessing online and mobile privacy tools for end users. The ‘PETs control matrix’ can facilitate a standardized and clear presentation of different privacy tools, supporting in this way the possibility of comparative assessments. More in the following link.

Annual Privacy Forum

ENISA’s Annual Privacy Forum (APF) is to be held on the 7th and 8th June 2017 in Vienna, at the University of Vienna, Faculty of Law. The event provides a forum to academia, industry and policy makers for discussions on privacy and data protection topics. The Call for papers for the 2017 APF is now open. Submission until 31st of March 2017.

Stay connected through the RSS feeds, #PrivacyForum_EU on twitter, and the dedicated site http://privacyforum.eu/