A rapid increase in concerns over privacy relating to social media apps and IoT devices, together with the global proliferation of privacy laws and regulations, means organizations now face pressure from customers, end-users, investors, and regulators about how they manage the personally identifiable information (PII), or personal data, they collect in the course of their business. The enactment of many wide-reaching privacy laws, such as the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the China Cybersecurity Law, has put significant pressure on organizations to address the issue of privacy.
The concept of privacy is often misunderstood and/or incorrectly acted upon. Many organizations believe it is enough not to pass data on to third parties and to ensure their databases are password protected. Concepts such as ‘consent’, ‘purpose of collection’, or ‘cross-border transfer’ are either ignored or not understood. The severe fines imposed under GDPR and CCPA mean many organizations are now waking up to the risks and are finally beginning to pay proper attention to their privacy protection.
This white paper introduces the ISO/IEC 27701:2019 standard, discusses its structure, explains how it can be used to implement a Personal Information Management System (PIMS), and describes certification against the standard.
The intended audience of this white paper is:
- Organizations looking for general information about a PIMS; and
- Organizations planning to implement or to get certified for a PIMS against ISO/IEC 27701:2019