How do I implement ISO/IEC 27701 Privacy Information Management

Once you have familiarised yourself with the requirements, you’re ready to begin implementing ISO/IEC 27701 and show you take protecting personal information seriously.

Here are our top tips for successful ISO/IEC 27701 implementation:

  • Secure commitment across your organization, including your leadership team, employees and supply chain
  • Regularly engage with your leadership team and key stakeholders
  • Clearly define your role as a data processor, controller or both
  • Compare your existing privacy processes and controls with ISO/IEC 27701 requirements
  • Get supply chain and stakeholder feedback on your current privacy processes and controls
  • Establish an implementation team to get the best results
  • Map out and share roles, responsibilities and timescales
  • Adapt the basic principles of the ISO/IEC 27701 standard to your organization
  • Motivate and support your staff through training courses
  • Create a more consistent approach throughout the data processing supply chain by encouraging others to implement ISO/IEC 27701
  • Consider BSI software to help capture and manage your ISO/IEC 27701 audits, findings, incidents and risks more effectively
  • Regularly review your ISO/IEC 27701 system to make sure it remains effective and that you are continually improving it

Why choose BSI certification?

The BSI Group supports 84,000 clients in 193 countries worldwide, ranging from large global multinationals to smaller local companies. As the founder of the ISO standard, BSI assesses the management system of organisations and thus supports the optimisation and continuous improvement of business processes. BSI's experts have gained their experience in organisations from various sectors and are continuously trained to improve their performance.

Read more about BSI