What is the ISO 27701? A comprehensive guide to Privacy Information Management


ISO 27701 is the international standard for managing privacy information. It is an extension of ISO/IEC 27001 and ISO/IEC 27002 (Information Security Management).

ISO 27701 relates directly to the requirements found in data protection regulations such as the well-known General Data Protection Regulation (GDPR).

This ISO standard was recently launched with the purpose of helping organizations comply with the requirements of the GDPR and other privacy and security regulations.

Comparing ISO 27001 and ISO 27701: ISO 27001 is the standard for implementing information security management systems, and ISO 27701 is the go-to standard for implementing a privacy information management system.

The two standards have overlapping technical requirements, and that makes it quite a bit simpler to implement ISO 27701 if you have already implemented ISO 27001.

What is Privacy Information Management?
Privacy information management relates to the ways that an organization (i) collects, (ii) stores, (iii) uses and (iv) removes personally identifiable information (PII) collected from individuals.

PII is classified as any type of information that can be used to identify an individual. PII Controllers and PII Processors are responsible for the legal collection of PII and for how it is handled.

The regulations are quite firm and they govern:

1) The collection and use of PII,
2) The protection of PII,
3) The rights held by an individual over their PII.

Some of the best known and most significant requirements are:

  • The collection and use of PII must have a purpose, and it must happen according to the relevant regulations.
  • PII must be protected (stored safely and encrypted).
  • Individuals have the right to removal, modification and disclosure of the data that an organization has collected about them.

How can ISO 27701 help my organization?
ISO 27701 relates to the requirements that you may find in a general data protection regulation, and it will contribute to the management and documentation of the organization's PII processes.

Using ISO 27701, the organization can build and maintain a “privacy information management system” (PIMS). Similarly to ISO 27001, ISO 27701 provides control objectives and guidance that your organization may consider implementing.

As mentioned earlier in this article, it is an obvious choice for organizations that have already implemented ISO 27001 (or are in the process of implementing it) to consider whether they also want to add ISO 27701. This will help with compliance with data protection regulations.

In general, data protection regulations are becoming more and more common all over the world, and each country will often have its own set of rules that you must comply with.

Keep in mind that you can't choose ISO 27701 as a stand-alone certification. If you want to be audited/certified in accordance with ISO 27701, you must also implement ISO 27001.

How do we get started?
With Readynez you can sit the official ISO 27001 exams and the official ISO 27701 exams, and you will train and certify in one 3-day programme per certification.

It is quite a unique setup where you will stay with Readynez in a dedicated training centre and train for 10- to 12-hour days with your expert instructor. Readynez takes care of everything, so that you can completely immerse yourself in learning and have the best possible chance to pass your exam the first time.

Learn more about the training and certification programmes here:

  • ISO 27001 Lead Implementer - 3 days
  • ISO 27001 Lead Auditor - 3 days
  • ISO 27701 Lead Implementer - 3 days

Between them, the ISO 27001 and ISO 27701 certifications offer an integrated management system.

Why a Privacy Information Management system matters
ISO standards are globally recognized standards for the establishment, implementation and maintenance of a management system based on best practices. A privacy information management system can help ensure that your organization complies with regulations such as the GDPR. As most people know, the fines for breaching data protection regulations are very steep.

If you breach these regulations, you risk fines of up to GBP 17.5 million or 4% of yearly turnover, and other countries may have different fines. But regardless of the fine, the damage to your reputation may be even worse.

A European survey has recently found that “65% of respondents will stop using a brand if they do not treat their data according to regulations”.

By implementing ISO 27701 you are openly documenting your commitment to data security, and that can easily prove to be a great investment.

Book a meeting with a Readynez ISO consultant for FREE to learn more about your training options on an individual or organizational level.

Are you Ready? Chat with us on www.readynez.com or call 88 18 43 20.

21. Aug 2020

by Maria Forsberg, Marketing Manager
