Booking an appointment with a doctor, logging in to online banking and booking tickets online are all results of the digitization, globalization and personalization of services. This means that larger amounts of data are collected and processed than ever before.
We are major consumers of digital platforms and use them extensively on a daily basis. Whether it is apps on your smartphone, subscriptions to various streaming services or login on public websites, you hand over your data. This use of digital platforms has generated increased focus on the issues associated with the misuse of personally identifiable information (PII).
The privacy protection standard ISO/IEC 27701 is a management tool that describes the workflows and measures organizations should establish to achieve appropriate protection of PII. It is an extension of the information security management standard ISO/IEC 27001, which many organizations have already implemented.
ISO/IEC 27701 on privacy information management thus adds to ISO/IEC 27001 specific requirements for processing PII, framed from the perspective of the data subject, that is, the individual to whom the information relates.
By following the requirements of ISO/IEC 27701, your organization will have documented processes for processing and protecting PII, whether it acts as a data processor or a data controller. This documentation is key when the organization negotiates agreements with collaborators, and it helps give stakeholders confidence that your organization handles personal data in a safe manner.