ISO 27701 27001 Information Technology Security Techniques

What is ISO 27701 and what does it mean?
ISO/IEC 27701:2019 is a privacy extension to the internationally recognised standard for information security management, ISO/IEC 27001 (full title: ISO/IEC 27701, Security techniques, Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management, Requirements and guidelines). See the ISO 27701 PDF here.

ISO 27701 provides requirements and guidance for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS).

ISO 27701 is built on the requirements of ISO 27001 and adds privacy-specific requirements, controls and control objectives.

Our most popular pocket guide, ISO/IEC 27701, provides a brief overview of the fundamentals and procedures of personal information management.

Why was ISO 27701 developed?
The UK DPA (Data Protection Act) 2018, the UK GDPR and the EU GDPR (General Data Protection Regulation) require organisations to adopt measures to ensure the security of the personal data they process.

The laws themselves do not prescribe what those measures should be.
ISO 27701 was created by the ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission) to provide that guidance.

What is the relationship between ISO 27001 and ISO 27701? How ISO 27001 integrates with ISO 27701
ISO 27001 defines the requirements for an ISMS (information security management system). It takes a risk-based approach that covers processes, people and technology. An ISO 27001 ISMS can be independently certified, giving stakeholders assurance that information has been appropriately secured.

Organisations that have already adopted ISO 27001 can extend it with ISO 27701 to manage privacy, covering personal data/PII. This lets them demonstrate that they have taken reasonable steps to comply with the GDPR.

Organisations that do not yet have an ISMS can implement ISO 27001 and ISO 27701 together in a single implementation project.
Download the free PDF: How to achieve GDPR and DPA compliance using ISO 27701
Plan your route to GDPR and DPA 2018 compliance with ISO 27701

Who should implement ISO 27701?
ISO 27701 can be used by any data controller or data processor. Like ISO 27001, it encourages a risk-based approach, so that each organisation addresses its own specific information security and privacy risks.

What is the distinction between a privacy information management system and a personal information management system?
ISO 27701 specifies the requirements for a privacy information management system. BS 10012, the British standard, specifies the requirements for a personal information management system.

There is little difference between the two terms: both are management systems designed to safeguard personal information, and for day-to-day purposes the acronym 'PIMS' can be taken to refer to either. There are, however, some distinct differences between the two approaches, which are discussed below.

Should I follow ISO 27701 or BS 10012?
Both standards have advantages, but they differ in certain ways.

BS 10012 is aligned with the GDPR and the DPA 2018, whereas ISO 27701 deliberately avoids aligning itself with any specific privacy regime. This makes ISO 27701 more broadly applicable and lets conforming organisations demonstrate compliance with a range of privacy laws.

BS 10012 may be the better choice if your organisation only needs to comply with the GDPR and the DPA 2018.

If, however, you need to demonstrate compliance with several data protection laws, the international standard is better suited to your business's requirements.

IT Governance can help you determine which standard is most suitable for you and provide support for implementation.

Demonstrating GDPR compliance with ISO 27701 and ISO 27001
Implementing ISO 27701 alongside ISO 27001 helps you meet the privacy and data security requirements of the GDPR. It also demonstrates that you have management processes in place to ensure that "appropriate technical and organisational measures" are implemented to safeguard personal data and uphold data subjects' rights, supporting the accountability principle in Article 5(2). See Information technology - Security techniques for more information.

Article 42 of the GDPR provides for the certification of data protection mechanisms, data protection seals and marks. These mechanisms are not yet available, but you can obtain ISO 27001 certification if your organisation follows its best practices for securing personal data.
