Absent an official GDPR certification, companies have scraped by with a gamut of costly due diligence questionnaires, customer audits, and stringent data protection addenda (DPAs) in an attempt to gain at least minimum comfort that their company, vendors, and business partners are meeting the requirements spelled out by GDPR. These efforts have left a looming question for all affected companies:
“When will there be a GDPR certification?”
ISO 27701 not only fills the void as a potential GDPR certification, but provides much more by requiring companies to adhere to the ISO 27001 information security standards. ISO 27701 combines security and privacy in one comprehensive certification. In this white paper, we will discuss the ISO 27701 framework, implementation methodology, required documents, and relevance to GDPR. Detailed mappings of Clauses 5, 6, 7, and 8 to existing standards are included as appendices.
This Whitepaper Series Includes:
Part 1: Will present a business case which outlines why organizations should consider ISO 27701 certification from a business perspective
Part 2: Will cover the essential elements of the ISO 27701 Framework (This Whitepaper)
Part 3: Will cover the ISO 27701 certification process from start to finish