New ISO Privacy Management Standard

The new Privacy Management Standard ISO27701:2019 has now been published. This standard is intended to provide guidance for implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to an existing ISO27001 Information Security Management System (ISMS). It can provide guidance for Data Controllers and Data Processors to manage their privacy requirements and demonstrate compliance under the Accountability principle of GDPR.

Having a consistent method of demonstrating compliance with data protection laws such as GDPR should help organisations provide assurance to their interested parties. It should also provide evidence of compliance to regulators, help to reduce risk of infringements of data protection law and data breaches.

I expect certification bodies to offer certification in due course, allowing for their auditors to be trained and their audits to be accredited under UKAS.

I viewed a draft copy of the standard earlier this year and I am now looking to review the completed standard and will provide more updates shortly.