Meet ISO 27701, the Privacy extension to ISO 27001

21st September 2020

Meet ISO 27701, the Privacy extension to ISO 27001

Are you certified to ISO 27001?

Are you aware of ISO 27701?

Do you know if you are GDPR Compliant?

ISO 27701 is an additional module which was released in 2019. The standard was introduced for those organisations who already have certification to ISO 27001 but want to add on personal data protection specific controls. This enables them to demonstrate compliance and be audited against the GDPR principles in a well-planned way.

Back when the GDPR was first introduced, many organisations were advising that ISO 27001 demonstrates compliance with the GDPR – this is not true. ISO 27001 was last revised in 2013 and does not cover the principles stipulated by the GDPR which was written in 2016.

The ICO is currently working with UKAS to determine the best route to meet Article 42, Certification. We have a strong feeling that this standard is likely to be endorsed however this is yet to be confirmed.

What are the benefits of adding ISO 27701 to my existing ISO 27001 management system?

> Use the standard to demonstrate to your clients, staff and third parties that you take data protection seriously.

> Proactively engage staff in awareness around cyber risks and security, through an ongoing educational programme.

> Have defined, bespoke policies and procedures that meet the requirements of the standard as well as your business.

> If required, a DPO will be appointed. If you don’t feel you have the skills in house, this is also a service we provide.

> A comprehensive breach management process shall be defined to ensure you handle it as the ICO would expect.

> In the unfortunate event of a breach, you would be looked on more favourably having the ability to demonstrate the methodical approach you have taken to obtain GDPR compliance.

Get in touch

If you are interested in our data protection and GDPR compliance services including ISO 27001 and ISO 27701 please contact or fill in our contact form here.

Do your staff need GDPR training? Do you? Check out our training services.