What is ISO 27701?
ISO/IEC 27701 (the 2019 edition is the one whose clause numbers are used below) is a privacy extension to ISO/IEC 27001 and ISO/IEC 27002. It specifies requirements and gives guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS), so that the processing of personally identifiable information (PII) is governed by the same management system, risk process, and audit cycle as information security.
Relationship to ISO 27001
| Standard | Role |
|---|---|
| ISO 27001 | Information Security Management System (ISMS): the management-system requirements and the Annex A security controls. |
| ISO 27701 | Privacy extension to the ISMS. It adds privacy-specific requirements to the ISO 27001 clauses and privacy guidance to the ISO 27002 controls, and requires an ISO 27001 ISMS as its foundation; it cannot be implemented or certified on its own. |
Key Components
PIMS Controls
- Privacy policy (a documented policy for PII processing, alongside the information security policy)
- Consent and choice: obtaining, recording, and honouring withdrawal of consent where consent is the lawful basis
- Rights of PII principals (the standard's term for data subjects): access, correction, erasure, objection, and the handling of such requests
- Privacy by design and by default, including data minimisation, retention limits, and de-identification
Additional Guidance
- PII controllers (clause 7): guidance for organisations that determine the purposes and means of processing
- PII processors (clause 8): guidance for organisations that process PII on behalf of a controller
- Privacy risk assessment: the ISO 27001 risk assessment extended to cover risks to PII principals, not only to the organisation
- Privacy impact assessment (PIA): assessing new or changed processing of PII before it starts
Benefits
Compliance Support
- GDPR alignment (the standard's Annex D maps its controls to GDPR articles)
- CCPA and other regional regulations (no mapping is provided in the standard; the organisation builds and maintains its own)
- A single control set that can be evidenced against several regimes at once
Operational
- Structured approach to privacy, with documented roles, procedures, and records
- Integrated with security: one risk register, one internal audit programme, one management review
- Continuous improvement through the Plan-Do-Check-Act cycle inherited from ISO 27001
Business
- Customer trust: independent evidence of how PII is handled, often requested in vendor due diligence
- Competitive advantage in procurement where certified privacy management is a requirement
- Reduced privacy risk and regulatory exposure
Control Areas
- Conditions for collection and processing (purpose identification, lawful basis, consent, records of processing)
- Obligations to PII principals (notice, rights handling, complaints)
- Privacy by design and by default (minimisation, retention and disposal, temporary files, de-identification)
- PII sharing, transfer, and disclosure (including to third parties and across jurisdictions)
- Lawful basis for processing, of which legitimate interests is one; legitimate interests must be identified and documented like any other basis
Certification
- Extends the ISO 27001 audit: certification is issued against ISO 27001 with ISO 27701 as an extension, never against ISO 27701 alone
- Additional privacy controls are audited, and the certificate states whether the organisation is certified as a PII controller, a PII processor, or both
- Annual surveillance audits between certification audits
- Three-year certification cycle, re-aligned with the ISO 27001 cycle
Mapping to GDPR
| ISO 27701 clause | GDPR |
|---|---|
| 7.2.1 (Identify and document purpose) | Art. 5 (Principles, in particular purpose limitation) |
| 7.3.x (Obligations to PII principals) | Art. 12-23 (Rights of the data subject) |
| 8.2.x (Conditions for collection and processing, processor) | Art. 28 (Processor) |

The mapping comes from Annex D of the standard and is a starting point, not a compliance guarantee: ISO 27701 certification is not an approved GDPR certification under Art. 42, and a certificate does not by itself demonstrate that a specific processing activity is lawful.