ISO/IEC 27701:2019 is an international standard that extends ISO/IEC 27001 and ISO/IEC 27002 with guidance on managing personal data within an information security management system (ISMS). It sets out requirements and guidance for establishing, implementing, maintaining and continuously improving a personal data management system in the context of an ISMS.
ISO/IEC 27701:2019 is aimed at organisations that collect, process and store personal data, as well as organisations that provide personal data processing services to other organisations. It provides guidance on risk management, protection of data subjects’ rights and evidence of compliance with data protection legislation.