What is the ISO 27701? A comprehensive guide to Privacy Information Management

ISO 27701 relates directly to the requirements found in data protection regulations such as the well-known General Data Protection Regulation (GDPR).

This ISO standard was recently launched with the purpose of helping organisations comply with the requirements of the GDPR and other privacy regulations.

Comparing ISO 27001 and ISO 27701: ISO 27001 is the standard for implementing information security management systems, and ISO 27701 is the go-to standard for implementing a privacy information management system.

The two standards have overlapping technical requirements, which makes it considerably simpler to implement ISO 27701 if you have already implemented ISO 27001.


What is Privacy Information Management?

Privacy information management relates to the ways in which an organisation: (i) collects, (ii) stores, (iii) uses and (iv) removes personally identifiable information (PII) collected from individuals.

PII is classified as any type of information that can be used to identify an individual. PII controllers and PII processors are responsible for the lawful collection of PII and for how it is handled.


The regulations are quite firm and they govern:

1) The collection and use of PII,

2) The protection of PII,

3) The rights held by an individual over their PII.

Some of the best known and most significant requirements are:

  • The collection and use of PII must have a purpose and must happen in accordance with the relevant regulations.
  • PII must be protected (stored safely and encrypted).
  • Individuals have the right to removal, modification and disclosure of the data that an organisation has collected about them.

How can ISO 27701 help my organisation?

ISO 27701 relates to the requirements that you will find in a general data protection regulation, and it contributes to the management and documentation of the organisation's PII processes.

Using ISO 27701, the organisation can build and maintain a “privacy information management system” (PIMS). Similarly to ISO 27001, ISO 27701 provides control objectives and guidance that your organisation may consider implementing.

As mentioned earlier in this article, it is an obvious choice for organisations that have already implemented ISO 27001 (or are in the process of implementing it) to consider whether they also want to add ISO 27701. This will support compliance with data protection regulations.

In general, data protection regulations are becoming more and more common all over the world, and many countries have their own set of rules that you must comply with.

Keep in mind that you can't choose ISO 27701 as a stand-alone certification. If you want to be audited or certified in accordance with ISO 27701, you must also implement ISO 27001.


How do we get started?

With Readynez you can sit the official ISO 27001 exams and the official ISO 27701 exams, and you will train and certify in one 3-day programme per certification.

It is quite a unique setup: you stay with Readynez in a dedicated training centre and train for 10-12 hour days with your expert instructor. Readynez takes care of everything so that you can completely immerse yourself in learning and have the best possible chance to pass your exam the first time.

Learn more about the training and certification programmes here:


ISO 27001 Lead Implementer - 3 days

ISO 27001 Lead Auditor - 3 days

ISO 27701 Lead Implementer - 3 days

Between them, these two certifications offer an integrated management system.


Why a Privacy Information Management system matters

ISO standards are globally recognised standards for the establishment, implementation and maintenance of a management system based on best practices. A privacy information management system can help ensure that your organisation complies with regulations such as the GDPR. As most people know, the fines for breaching data protection regulations are very steep.

If you breach these regulations, you risk fines of up to 17.5 million GBP or 4% of yearly turnover, and other countries may impose different fines. But regardless of the fine, the damage to your reputation may be even worse.

A European survey has recently found that: “65% of respondents will stop using a brand if they do not treat their data according to regulations”.

By implementing ISO 27701 you openly document your commitment to data security, and that can easily prove to be a great investment.


Book a meeting with a Readynez ISO consultant for FREE to learn more about your training options on an individual or organisational level.


Are you Ready? Chat with us on www.readynez.com or call 88 18 43 20.
