What is the ISO 27701 Privacy Add-On?

In 2019 an exciting new privacy standard, ISO 27701, was published.  

But what is ISO 27701 and can it help you achieve GDPR compliance?

ISO 27701 for a Privacy Information Management System (PIMS)

ISO 27701, is an add-on to the popular Information Security Management System standard, ISO 27001.

The core of the standard involves a detailed risk assessment process with a set of controls defined in Annex A to manage the information security risks.

ISO 27701 expands the core clauses and the addition controls of Annex A to provide a privacy perspective for the system.


Can ISO 27701 be Implemented on its Own?

ISO 27701 can not be implemented as a stand-alone standard because it draws on the clauses and controls of ISO 27001 and ISO 27002 to expand the information management system so as to include privacy information.

While ISO 27001 is a much larger standard than others, if your organisation stores or processes personal identifiable information there are many benefits to implementing the standard and achieving certification.

What is ISO 27001?

According to ISO’s 2018 Survey, nearly 31,000 ISO 27001 certificates have been issued worldwide, meaning many organisations already have the required framework in place to implement the additional privacy controls.

Find out more about ISO 27001.

Does ISO 27701 meet GDPR Compliance?

ISO 27701 is designed specifically to create a Privacy Information Management System (PIMS).  

However, ISO standards are created through international collaboration and privacy laws vary considerably throughout the world.

GDPR is a European Regulation, implemented in the UK through the Data Protection Act 2018.    While ISO 27701 does not address data protection legislation clause-for-clause, it does provide best practices that can be used to meet legal requirements

Our ISO 27701 consultants can work with you to implement a PIMS and meet GDPR legislation.

Contact us to discuss how we can help.

Kaidee Clark
Kaidee Clark
Articles: 33