ISO 27701 and ISO 27001: Information Technology Security Techniques

What exactly is ISO 27701?
ISO/IEC 27701:2019 is a privacy extension to the international information security management standard ISO/IEC 27001. Its full title is "Security techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines". See ISO 27701 here.

ISO 27701 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS).

ISO 27701 builds on the requirements, control objectives and controls of ISO 27001 and adds a set of privacy-specific requirements, controls and objectives.

You can also read our bestselling pocket guide, ISO/IEC 27701:2019: A brief introduction to privacy management.

What was the goal of ISO 27701?
Privacy laws such as the DPA 2018 (Data Protection Act 2018), the UK GDPR and the EU GDPR (General Data Protection Regulation) all require organisations to implement measures to safeguard the privacy of any personal data they handle.

These laws, however, do not say how those measures should be structured.
ISO 27701 was created by the ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission) to provide that structure.

What is the relationship between ISO 27001 and ISO 27701?
ISO 27001 defines the requirements for an ISMS (information security management system). It takes a risk-based approach that covers people, processes and technology. Independent ISO 27001 certification demonstrates that an organisation's information security is being properly managed.

Organisations already certified to ISO 27001 can use ISO 27701 to extend their ISMS to cover privacy management, including the processing of personal data/PII. This helps them demonstrate that they have taken reasonable steps to comply with privacy laws such as the GDPR.

Organisations that do not yet have an ISMS can implement ISO 27001 and ISO 27701 together in a single project.
Download our free PDF, Design your route to GDPR/DPA compliance in accordance with ISO 27701, to map your way to GDPR and DPA 2018 conformance with ISO 27701.

Who should use ISO 27701?
ISO 27701 is intended for all data controllers and data processors. Like ISO 27001, it takes a risk-based approach, so each conforming organisation addresses the specific information security risks it faces as well as the risks to personal data and privacy.

What is the difference between a privacy information management system and a personal information management system?
ISO 27701 sets out the requirements for a privacy information management system, whereas BS 10012, the British standard, describes a personal information management system.

There is little difference between the terms: both describe management systems designed to protect personal information, so in everyday use you can refer to either as a PIMS. The differences between the two approaches, however, are noticeable and are explained below.

Should I choose ISO 27701 over BS 10012?
Although both standards are useful, there are some differences.

BS 10012 is aligned with the GDPR, the DPA 2018 and ISO 27701, whereas ISO 27701 is not aligned with any particular privacy regime. This makes ISO 27701 usable by a wider range of organisations and lets them demonstrate compliance with a variety of privacy regulations.

BS 10012 may be the better option if your business needs to comply with the DPA 2018 and the GDPR.

If you need to demonstrate compliance with a variety of privacy laws, the international standard may be more appropriate.

IT Governance can help you determine the best approach for your requirements and provide all the implementation support you need.

Prove GDPR compliance with ISO 27701 and ISO 27001
Implementing ISO 27701 together with ISO 27001 will help you comply with the GDPR's privacy and information security requirements. It will also let you demonstrate that you have "appropriate technical and organisational measures" in place to safeguard the personal data you process and to protect data subjects' rights, in line with the GDPR's accountability principle (Article 5(2)). See ISO 27001 for more information.

Article 42 of the GDPR refers to data protection certification mechanisms and data protection seals and marks, but no such mechanism is yet in place. It is, however, possible to obtain independent, accredited certification to ISO 27001, and by extension to ISO 27701 if you implement its controls, which will demonstrate to regulators and other stakeholders that your organisation follows international best practice for securing personal data and PII.
