With an ISO 27701 certificate your organisation can show all stakeholders that the protection of privacy when processing (personal) data is handled accurately. Moreover, the ISO 27701 certification demonstrates that the organisation is properly set up to work with privacy-sensitive information in a correct and careful manner. As with the GDPR, a legislative regulation, it involves an optimal interaction between organisational workability and the technical measures that need to be taken in order to comply with ISO/IEC 27701.
An organisation that is already working according to the ISO 27001 standard and wishes to extend this with ISO 27701 is required to set up and implement a whole set of guidelines and procedures. It is important that this is an ongoing cycle (the PDCA cycle), in which changes that impact the PIMS are appropriately processed, implemented and checked. In this way the PIMS stays up to date, which is important not only for internal processing but also for staying compliant with the requirements for certification.
ISO/IEC 27701 is an international standard that does not automatically grant compliance with all aspects of the European privacy legislation (GDPR). An ISO 27701 certified organisation does, however, give a clear signal to internal and external stakeholders that privacy-sensitive data is being handled in a correct way. In addition, this standard can be mapped to several other international standards and regulations, such as the GDPR or ISO 29100, by means of conversion tables.
Why ISO 27701 certification?
Being certified according to the ISO/IEC 27701 standard is of great value for any organisation that wishes or needs to show that sensitive information is handled in a responsible way, especially if this information can be related to Personally Identifiable Information (PII). Certification can also be necessary when demonstrability is required by means of a certificate issued by an independent certification institute such as Kiwa, for instance in a tender or quotation process.