ISO 27701

The new Privacy Certification extension to ISO 27001

ISO 27701 does not cover the GDPR out of the box

ISO 27701 has come along to add another management system into the ISO camp. With the creation of a Privacy Management System (PMS), the International Standards Organisation (ISO) is looking to provide a compliance framework for global privacy legislation and regulation. There is a significant cost in evidencing compliance to any regulation, that most organisations …


ENISA’s Online Platform for Security of Personal Data Processing

In December 2019, ENISA released an online platform to help Data Controllers and processors with the security controls applicable to personal data processing. The platform looks to tie together ISO 27001, ISO 27005, the GDPR requirements and some principles from ISO 27701, to provide a link between high-risk personal data processing and the security controls …


Understanding ISO 27701 – Missing GDPR Controls Part 2

In my previous post, we left the GDPR review at Clause 74. This was quite a deliberate breakpoint, as Clauses 75 and 76 take us straight into the meat of the DPIA (Data Protection Impact Assessment). Privacy Impact Assessment The ISO 27701 Standard refers to a Privacy Impact Assessment as a method to determine the …


Implementing ISO 27701 – Part 5 – Cryptographic Controls

Part 5 of the series picks up from A.10 Cryptography. Click here to see the other posts in this series. Cryptographic Controls The ISO 27701 Standard points out that some jurisdictions require encryption to be used on some forms of PII data. It then provides additional guidance that data subjects should be informed when encryption …


Implementing ISO 27701 – Privacy for ISO 27001

When the GDPR came into force on the 25th May 2018, a number of Articles referred to the creation of certification schemes that could be approved by Authorities, to make it easier for data subjects to understand whether an organisation had appropriate privacy controls. Implementing ISO 27701 looks like the easiest route currently to this …
