ISO 27701:2019 - PRIVACY INFORMATION MANAGEMENT

What is ISO 27701?

ISO/IEC 27701:2019 is a data privacy extension to ISO 27001 that covers the management of personal data. It provides a framework for organizations looking to put in place systems to support compliance with GDPR and other data privacy requirements. Privacy information management systems are sometimes referred to as personal information management systems (PIMS).

ISO 27701 enhances an already implemented information security management system to address privacy requirements and put in place the systems and infrastructure to support compliance with legislation including GDPR. This reduces risk to the privacy rights of individuals and to the organization by enhancing an existing Information Security Management System.
Who will benefit?

This standard is a great way of demonstrating to customers and stakeholders that effective systems are in place to support compliance with GDPR and other related privacy legislation. Implementing a Privacy Information Management System (PIMS) in compliance with the requirements of ISO 27701 will enable organizations to assess, react to and reduce risks associated with the collection, maintenance and processing of personal information.

Certification to ISO 27701 does not confirm legal compliance with GDPR; however, it provides a valuable framework for any company to support its efforts towards compliance with legislation.
What is the certification process?

Organizations looking to get certified to ISO 27701 in order to comply with GDPR will either need to have an existing ISO 27001 certification or implement ISO 27001 and ISO 27701 together as a single implementation audit. ISO 27701 is a natural expansion of the requirements and guidance set out in ISO 27001. The significant overlap in system and technical requirements between a privacy information management system and an information security management system presents a compelling case to adopt ISO 27001 and ISO 27701 together. This is supported by the international recognition of an ISO standard.
Where can I find out more?

For more information please visit nqa.com or speak to the business development team. Take a look at our toolkit on our website for further help and information.
How is this different to ISO 27001?

ISO 27701 is set to be the go-to standard for compliance with GDPR regulations, in the same way that ISO 27001 is considered to be the ‘gold standard’ for information security management. It aligns with GDPR but also allows organizations to use the standard to incorporate other privacy laws, regulations and requirements that they may encounter globally. This makes it an excellent choice for organizations of all industries and sizes looking to demonstrate their compliance with the ‘accountability’ principle of GDPR.
If a client has ISO 27001 certification with an alternative provider we can transfer them to NQA free of charge.