What exactly is a certification according to ISO 27701?
In the previous article, we introduced you to the topic of certifying an ISMS (Information Security Management System) according to ISO 27001.
The following article will focus on an extension of ISO 27001 regarding the topic of data protection and its certification according to ISO 27701.
Data protection and data security are closely linked. If data security is already certified through an existing implementation of ISO 27001 – or if this is done in parallel – it can be extended with a corresponding data protection management system (also known as a PIMS, Privacy Information Management System) within the framework of the new ISO 27701. This adds extended protection for personal data in the company. Here, too, the focus lies on a management system.
If resources are to be shared, the structure of the PIMS can be planned from the outset. The ISMS then fulfils the requirements of Art. 32 GDPR, while the PIMS covers the remaining requirements of the GDPR.
Who is allowed to certify?
Accredited certification bodies are also responsible for the audit and the subsequent certification. The German accreditation body (DAkkS) currently defines the accreditation conditions for certification bodies for ISO 27701. At present, there are no such accredited bodies in Germany.
However, this will probably change soon: in all likelihood, the first German companies will be accredited by the DAkkS in the second quarter of 2022 and will then be able to offer certifications according to ISO 27701.
With the ePrivacycert GmbH we are currently in this accreditation process and will be one of the first companies to participate.
Further information will be available in the next few days on the new website of ePrivacycert GmbH, which will be online shortly: www.eprivacycert.eu
If you have any further questions, we will be happy to advise you.