Privacy Information Management System (PIMS)
Convince regulators of your data protection concept
Higher understanding of overall contexts through process orientation
Normative basis for a Privacy Information Management System (PIMS)
What is privacy management according to ISO 27701?
For example, when considering the context of the organization, relevant data protection laws and court decisions must be taken into account, among other things. Likewise, the risk assessment must take into account criteria relating to the processing of personal data.
ISO 27701 can only be certified in conjunction with an information security management system in accordance with ISO 27001. Articles 5 and 32 of the European General Data Protection Regulation (GDPR) set out requirements, compliance with which can be demonstrated by implementing a data protection management system in accordance with the ISO 27701 standard.
Data protection can thus be certified to a certain extent, and possible fines following data protection incidents can be avoided or reduced.
Will my company meet the requirements of the European GDPR if I implement the standard?
In this way, ISO 27701 can also be used to integrate and fulfill the requirements of the European GDPR for the protection of personal data in the management system. The annex to ISO 27701 provides valuable assistance in this regard, as it contains a detailed table of measures to be taken in relation to the requirements of the GDPR.
How can the implementation of the European GDPR in the company be proven?
According to Article 83 (paragraph 2 letter d) of the GDPR, the extent to which the company actively and in a structured manner deals with data protection also plays a role in the assessment of fines.
Once you have implemented a management system in accordance with ISO 27701, you can then be certified by DQS. In that case, you will have objective proof that data protection is of high importance to you and that you operate a functioning data protection management system.
With a certificate according to ISO 27701, which requires certification according to ISO 27001 (Information Security Management), you have created a solid basis for the integration of the European GDPR's requirements. In some places, the GDPR requires measures that de facto presuppose a management system.
How does ISO 27701 certification work?
In the first step, you discuss your company, your management system and the goals of an ISO/IEC 27701 certification with us. On this basis, you will promptly receive a detailed and transparent offer, tailored to your individual needs.
Especially for larger certification projects, a planning meeting is a valuable opportunity to get to know your auditor, as well as to develop an individual audit program for all involved areas and locations. A pre-audit also offers the opportunity to identify potential for improvement as well as strengths of your management system in advance. Both services are optional.
The certification audit starts with a system analysis (audit stage 1) and the evaluation of your documentation, objectives, the results of your management review and internal audits. In this process, we determine whether your management system is sufficiently developed and ready for certification.
In the next step (system audit stage 2), your auditor assesses the effectiveness of all management processes on site. In a final meeting, you will receive a detailed presentation of the results from your auditor and indications of potential improvements for your company. If necessary, action plans are agreed upon.
On the basis of the system audit, an evaluation of your management system takes place, which results in a report. If your company has fulfilled all standard requirements, you will receive the ISO 27701 certificate.
To ensure that your company continues to meet all the important requirements of ISO 27701 after the certification audit, we conduct surveillance audits on an annual basis. This provides competent support for the continuous improvement of your data protection management system and your business processes.
The certificate is valid for a maximum of three years. Recertification is carried out in good time before the certificate expires to ensure ongoing compliance with the applicable standard requirements. Upon compliance, a new certificate is issued.
What does ISO 27701 certification cost?
What you can expect from us
- Personal, smooth support from our specialists - regionally, nationally and internationally
- Individual offers with flexible contract terms without hidden costs
- Meaningful audit reports including recommendations for action