General Data Protection Regulation (GDPR)
BUREAU VERITAS SCHEME RELATED TO PERSONAL DATA PROTECTION AGAINST EU REGULATION 2016/679
What is the ISO 27701:2019 standard according to the GDPR?
The European Regulation 2016/679, commonly known as the General Data Protection Regulation (GDPR), mandates that organizations adapt to new requirements concerning personal data protection. Articles 42 and 43 of the GDPR introduce the concept of voluntary certification based on a scheme aligned with ISO 17065, which provides a framework for bodies certifying products, processes, and services. In response to the growing global need for robust Privacy Management, the International Organization for Standardization (ISO) published ISO 27701 in September 2019. This standard provides a structured methodology for implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). It is designed to be applicable to organizations of all sizes and sectors, helping them demonstrate compliance with privacy regulations like the GDPR and enhance trust with their stakeholders.
The ISO 27701:2019 standard, titled "Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines," serves as an international benchmark for managing personal data protection and privacy. It extends the well-established Information Security standards ISO/IEC 27001 and ISO/IEC 27002 to encompass Privacy Management, offering organizations a comprehensive approach to addressing both security and privacy concerns in an integrated manner.
What are the certification services offered by Bureau Veritas in the GDPR domain?
Bureau Veritas offers the following privacy certification services:
- Gap Analysis
Bureau Veritas has developed a Gap Analysis solution. This supports the implementation and evaluation of the effectiveness of efforts to comply with current regulations. Using top-level auditors, we are able to offer a high value-added service, especially on such a complex topic with various interpretative nuances.
- Certifications ISO 27701:2019 and ISO 27001:2013
• Certification in accordance with ISO 27701:2019 "Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines" managed as an extension of ISO 27001.
• The reference standard in the field of Cyber Security and Information Security has always been ISO 27001:2013 - Information Security Management System - which provides a structured approach to information security. This certification makes it possible to ensure transparency towards customers and to demonstrate that their data is protected.
FAQ - Frequently asked questions about the GDPR guideline
Regulatory references to GDPR: What is the ISO 27001 standard?
ISO 27001 has been indicated by the Article 29 Working Party (an advisory body that studies the implementation of the new European Privacy Regulation and issues interpretative Guidelines) as the reference framework for implementing the contents of the GDPR, helping companies to better manage certain tools and activities (backup, password management, data breach handling, log management, logical and physical access management, encryption, compliance, etc.) covered by the European Regulation 2016/679.
The ISO 27001 standard specifies the requirements for defining, implementing, managing, monitoring, reviewing, maintaining, and improving a documented Information Security Management System. The standard was developed to ensure an adequate set of security controls to protect information assets and give confidence to customers and interested parties.