ISO 27701 is an extension of ISO 27001, for privacy management. It is also known as Privacy Information Management System (PIMS).
Its purpose is to provide guidance on how organizations should manage personal information, as well as to help demonstrate compliance with privacy regulations, especially the General Data Protection Regulation.
Who does it apply to?
ISO 27701 is applicable to all organizations, regardless of size, industry or sector. Its value is given by giving guidance to organizations in charge of processing personal data information to incorporate it into an ISO 27001 information security management system (ISMS), specifically to companies: Data Controllers or Processors or Sub-processors.
What benefits does it offer me?
- It generates confidence to shareholders, customers, suppliers and employees, giving guarantees that your company works under an international standard that seeks excellence in the management of personal data.
- Facilitates commercial agreements, gives guarantees to potential customers, who nowadays tend to demand more and more certifications in the supplier approval processes.
- It reduces the risk of sanctions, as it is an international standard of reference and includes all the best practices to ensure the management of legal, regulatory and contractual requirements, which are key to the performance of the company’s activity.
How do I get certified?
You must have an ISO27001 ISMS system in place beforehand, you can do it independently or by relying on a Specialized Service, to get certified following three simple steps:
- Gap Analysis: The current level of compliance of the organization is verified.
- Implementation: Being compatible with ISO 27001 makes the integration of the identified gaps a simple job.
- Certification Audit: An independent body certifies compliance.
In conclusion, obtaining ISO 27701 certification in Privacy Management offers a competitive advantage to the organization, reinforcing your company’s reputation by demonstrating its proactive commitment to the protection of personal data.