The new ISO 27701 standard outlines the requirements for implementing a Privacy Information Management System (PIMS), to govern the handling of personal data.
ISO/IEC 27701:2019 has been designed to be used by all data controllers and data processors. It advocates a risk-based approach so that each conforming organisation addresses the specific risks it faces, including the risks to personal data and privacy.
Organisations already familiar with ISO 27001 will be able to extend their ISMS (Information Security Management System) to address privacy. This supports GDPR compliance by providing a means to demonstrate commitment to privacy information management. It is expected that certification bodies will begin to audit against this new ISO standard.
Upcoming: one-day privacy training on ISO 27701