ISO 27701 Personal Data Management

This service is directly linked to the United Nations Sustainable Development Goals (SDGs).

The international standard ISO/IEC 27701:2019 is an extension of ISO 27001 and ISO 27002, designed to enhance an existing Information Security Management System with additional requirements in order to establish a comprehensive Information Security and Privacy Management System.

Requirements

ISO 27701 defines requirements for the management of personal data and provides guidance for both data controllers and data processors handling personally identifiable information (PII).

It applies to all organizations seeking to ensure not only the security of information but also the protection of personal data belonging to their employees, clients, and partners.

In Greece, a regulatory framework has already been established mandating its implementation in the education sector, with expectations for future expansion across other industries.

It is important to note that in order for an organization to be certified according to ISO 27701, it must already be certified to ISO 27001, or it must opt for simultaneous certification to both standards.

Certification according to the above international standards demonstrates your organization’s commitment:

• to implementing policies that ensure the integrity, confidentiality, and availability of information,
   
• to achieving full compliance with current legal requirements regarding personal data management (GDPR – General Data Protection Regulation).
   

It is important to note that in order for an organization to be certified according to ISO 27701, it must already hold an ISO 27001 certification or opt for a combined certification based on both standards. ISO 27701 can be seamlessly integrated with all international ISO standards, such as those for Quality (ISO 9001), Business Continuity (ISO 22301), and Organizational Resilience (ISO 22316).