ISO 27701

Frequently Asked Questions

Why do I need 27701 in addition to 27001?

ISO 27001 is focused on the information security management system (ISMS), that is, how your business handles risk management and security controls, while ISO 27701 is focused specifically on data privacy and protection.

Do I need to be ISO 27001 certified to get 27701 certified?

Yes.

But because ISO 27701 is an extension of 27001, your business can get certified in both within a single implementation audit. 

How does ISO 27701 relate to GDPR?

ISO 27701 is a privacy management standard that provides guidelines for implementing and maintaining a privacy information management system (PIMS). GDPR, on the other hand, is a regulation that sets guidelines for protecting the privacy and personal data of individuals within the European Union (EU).

ISO 27701 and GDPR are related because ISO 27701 can be used as a framework for implementing GDPR requirements. Specifically, ISO 27701 includes requirements for managing personal data processing activities, which align with GDPR's requirement for organizations to have appropriate technical and organizational measures in place to protect personal data. In addition, ISO 27701 provides guidance on how to conduct privacy impact assessments (PIAs), which are required under GDPR for high-risk processing activities.

By implementing ISO 27701, you can demonstrate your organization's compliance with GDPR requirements related to the protection of personal data. However, it is important to note that ISO 27701 is not a substitute for GDPR compliance, but rather a complementary framework that can help organizations meet GDPR requirements more effectively.

Contact us to see how we can help you prepare for your ISO 27701 certification.