Do you have any data on how many companies are implementing the NIST Privacy Risk framework? The challenge with it is it’s very US specific..and does incorporate or refer to GDPR terms/asks. Where something like a Nymity framework is not an industry, but a consulting company so not “Independent”
Here is a link to the HIPAA Security Rule crosswalk to the NIST Cybersecurity Framework <a href=" removed link "> removed link .
A couple of links of interest for the NIST Privacy Framework - <a href=" removed link "> removed link
Resource Repository: <a href=" removed link "> removed link
Link to the Cybersecurity Framework: <a href=" removed link /browse/crosswalks/cybersecurity-framework-crosswalk"> removed link /browse/crosswalks/cybersecurity-framework-crosswalk
Last an EasyDynamics blog on the NIST Privacy Framework: <a href=" removed link "> removed link
Thanks for including me in a great event!
Best Regards,
Jamie
The NIST Privacy Framework was recently released (January 2020); some companies have publicly stated their support and/or intent to adopt it. I recommend visiting <a href=" removed link " target="_blank" rel="noopener" data-saferedirecturl=" removed link ;source=gmail&ust=1590697030768000&usg=AFQjCNE9O4Ol-_w24ThmkRL22fWIe91IeA"> removed link framework/adoption for additional information. Regarding the relationship between the NIST Privacy Framework and GDPR, as noted during the webinar, the NIST Privacy Framework is agnostic to any particular technology, sector, law or jurisdiction; therefore, it does not use GDPR-specific terms. The Privacy Framework Core includes several references for the need to organizations to consider laws and regulations (e.g., See the GOVERN-P Function). In addition, the framework recognizes that organizations can take on many roles in the data processing ecosystem and that such roles might be legally codified (e.g., data controller or data processor).