The standard provides an international approach to privacy protection as a component of information security. It is an extension of ISO 27001, which means that companies intending to implement ISO 27701 certification must also be certified to ISO 27001, or complete certifications to both standards simultaneously.

ISO 27701 is a PIMS (Privacy Information Management System) standard, which provides detailed operational checklists that can be adapted to a variety of regulations, including GDPR.

Companies document their policies, procedures and protocols in line with these checklists, with records then audited by internal and CIRQ auditors. The standard also outlines a framework for personally identifiable information (PII) controllers and PII processors to manage data privacy.

“Organisations no longer need to wait for pending details from the EU on GDPR certification, as ISO 27701 demonstrates to consumers and other stakeholders that mechanisms are in place to keep data safe in compliance to GDPR and other privacy laws”, explained CIRQ managing director Juliana Wood.

“Complying with GDPR requirements and a wide array of US data privacy laws and regulations can be a daunting task.

“Implementation of ISO 27001 and 27701 can reduce the risk of privacy regulation infractions, while also illustrating to clients a keen attention to detail and dedication to data protection.”