What is ISO 27701
ISO/IEC 27701:2019 (developed under the draft designation ISO/IEC 27552) is a privacy extension to ISO/IEC 27001 and ISO/IEC 27002, and one of the key standards for information security and privacy management.
ISO 27701 is not itself legislation; it complements data protection law. Laws such as the GDPR require organizations to take appropriate measures to protect the personal data they process, but give little detail on what those measures should look like. ISO and the IEC (International Electrotechnical Commission) developed this standard to provide that guidance, so that a certified organization can show auditors and regulators a recognized framework behind its privacy controls.
It specifies the requirements for a PIMS (privacy information management system) and provides guidance for establishing, implementing, maintaining and continually improving one. It builds on the requirements, control objectives and controls of ISO 27001 and the guidance of ISO 27002, and adds privacy-specific requirements, controls and control objectives for organizations acting as PII controllers and/or PII processors. ISO 27701 therefore extends an existing information security management system (ISMS) into an internationally recognized approach to the protection of personal data.
Today it responds both to legal obligations and to the growing volume of personal data handled by evolving technology and services.
ISO 27701 Certification
ISO 27701 cannot be certified on its own: it is audited as an extension of an ISO/IEC 27001 certification. Any organization certified to ISO/IEC 27001 that manages personal data of its employees, clients, partners, suppliers or shareholders (including data entrusted to it by third parties), alongside other assets such as financial information and intellectual property, must take reasonable measures to comply with data protection laws and can demonstrate this by extending its ISMS certification with ISO 27701. Typical examples are banks, hospitals and insurance companies.