ISO/IEC 27001 (ISMS) certification includes security controls that can be applied to protect data, but the standard was not written to address GDPR compliance, and the two differ in scope. ISO/IEC recognized this gap and published an extension that adds privacy-specific requirements and controls to an ISMS: ISO/IEC 27701:2019.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also governs the transfer of personal data outside the EU and EEA.
What is personal data?
Personal data is information that relates to an identified or identifiable natural person. The identifier can be as simple as a name or a number, or it can be an online identifier such as an IP address or cookie ID, or other details such as an address, phone number or image.
When deciding whether information relates to an individual, you need to consider a range of factors, including the content of the information, the purpose for which you are processing it, and the likely impact that the processing has on the individual.
Examples of personal data include:
- First name and last name
- Home address
- Email address such as name.surname@company.com
- Identification card number
- Internet Protocol (IP) address
- Cookie ID
- Hospital or patient records
Virtually every organization collects, processes, controls or hosts some of the above data. For example, most organizations hold information about their employees, partners and customers.
Data breaches
Since the GDPR came into force, a number of leading organizations have failed to comply with it, leading to fines that now total billions of euros. This includes not only EU-based organizations but also organizations outside the EU that do business there.
Compliance with this regulation is required well beyond the borders of the European Union. Data breaches can result in large fines and reputational damage, so a clear understanding of how to handle PII properly is critical to the organization.
What are the advantages of a PIMS?
The benefits of implementing a privacy information management system (PIMS) are significant. Moreover, if an organization already operates an effective ISO 27001 ISMS, implementing a PIMS is a relatively straightforward process, because ISO 27701 builds on the Annex A controls that an ISO 27001 ISMS already requires.
The benefits of running an ISMS are well documented. Here are some broader reasons for an organization to implement a PIMS.
ISO 27001 provides a framework within which an organization can identify the information security obligations and risks that apply to its activities, products and services. ISO 27701 extends that framework with controls that map to specific legal requirements for privacy.
ISO/IEC 27701:2019 can provide greater clarity and confidence in meeting legal and regulatory requirements because of its specific focus on privacy.
The information security and privacy risks identified under ISO 27001 and ISO 27701 enable an organization to report, advise and communicate on those risks. The outcomes include:
- Demonstrating compliance with data privacy laws increases trust between the organization and its customers.
- Data protection officers gain evidence they can present to senior executives and board members to demonstrate progress in privacy compliance.
- Business opportunities increase when data can flow in a demonstrably compliant way.
By implementing information security improvement strategies and operating an effective information security management system, an organization can make significant financial savings. Do not forget the effect that fewer incidents have on the morale of employees, customers and other important stakeholders.
Finally, one thing that cannot be ignored is the gain in reputation that comes with ISO 27701 certification.
In the information age, demonstrating a commitment to data privacy should be part of every business. Wherever information processing is involved, ensuring that you comply with the rules is a must.