Data Protection Services

What is it?

This standard is essential for organisations worldwide that are responsible for Personally Identifiable Information and Personal Data. It provides a framework for managing and processing data and safeguarding privacy. ISO 27701 extends an already implemented, ISO 27001 certified information security management system to address privacy requirements and to put in place the systems and infrastructure that support compliance with legislation including GDPR.

Implementing a Privacy Information Management System (PIMS) in compliance with the requirements of ISO 27701 will enable organisations to assess, react to and reduce the risks associated with the collection, maintenance and processing of personal information.

Certification to ISO 27701 does not confirm legal compliance with GDPR; however, it provides a valuable framework for any company to support its compliance efforts and the demonstration of accountability.


Difference between ISO 27001 and ISO 27701

ISO 27701 is set to be the go-to standard for compliance with GDPR, in the same way that ISO 27001 is considered the ‘gold standard’ for information security management.

It aligns to GDPR but also allows organisations to use the standard to incorporate other privacy laws, regulations and requirements. This makes it an excellent choice for organisations of all industries and sizes looking to demonstrate their compliance with the ‘accountability’ principle of GDPR.

How to get certified?

If you already have accredited certification to ISO 27001 you will find applying the information risk management principles to personal information fairly straightforward.

The standard requires that organisations certified to ISO 27001 include privacy management; this means reviewing the organisation’s contextual analysis, risk assessment and control environment to ensure that privacy management is incorporated.

The privacy information management system then needs to be documented. Organisations that are less confident in their GDPR compliance will find ISO 27701 particularly helpful as it provides specific recommendations for actions to comply with the regulation.

We can assess your compliance with ISO 27701 as an addition to your ISO 27001 assessment. We will ensure our approach follows the same method as the standard – looking at one system that supports both information security and personal information management.
