Data Protection and GDPR / ISO 27701

The EU-GDPR was designed to give individuals back control over their personal information. It therefore significantly strengthens individuals’ rights against the organisations that process their data.

The EU-GDPR contributes to what is essential in a free economy and a free world: protecting rights and freedoms of people. No one will question this basic acquired freedom.

But when it comes to assuring compliance, organisations face a task that can become difficult. Manual systems do not always yield ease of use.

Organisations need to be practical and methodical, and build usable data protection intelligence in order to:

  • assure and protect the rights and freedoms of “data subjects” (such as the “right to insights” and the “right to be forgotten”)
  • assure adequate measures to secure data processing operations that can pose risks to data subjects
  • manage international aspects adequately (for instance, when your organisation has data processed in countries that do not meet adequacy criteria)
  • assure the accessibility, accuracy and protection of data
  • assure preparation for, response to and handling of “data breaches”

The new ISO/IEC 27701:2019 (Security techniques: extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management, requirements and guidelines) extends ISO 27001/27002 and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS).