This document specifies requirements and provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS), in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.
It specifies PIMS-related requirements and provides guidance for PII controllers and PII processors that hold responsibility and accountability for PII processing.
In the wake of the EU's General Data Protection Regulation (GDPR), South Africa's POPIA, Brazil's LGPD, the Australian Privacy Principles, and the many similar privacy laws and regulations being drafted around the world, there has been a growing need for a code of conduct, or standard, against which an organization can demonstrate its privacy compliance and obtain certification.
ISO 27701 is a framework for data privacy that builds on ISO 27001. It guides organizations on the policies and procedures that should be in place to support compliance with GDPR and other data protection and privacy laws and regulations. Two caveats matter in practice: a PIMS cannot be certified on its own, since ISO 27701 certification is issued only as an extension to an ISO 27001 ISMS certification; and holding the certificate is not in itself an approved GDPR certification mechanism under Article 42, so it supports, rather than proves, compliance.
The ISO 27701 standard lays out a detailed set of PIMS-specific requirements, controls, and implementation guidance that can be adapted to a variety of regulations, including GDPR, for which the standard's annexes provide a mapping from its controls to the relevant GDPR articles.