Given the needs arising in the processing of personal data, the new UNE-EN ISO/IEC 27701:2021 standard reinforces the implementation of information privacy management systems to guarantee privacy.
Privacy management is one of the major unresolved issues in many companies, given the large volume of data they must handle on a daily basis. In order to strengthen the implementation of Information Privacy Management Systems (SGPI), the Spanish Association for Standardization (UNE) recently published the UNE-EN ISO/IEC 27701:2021 standard.
It extends ISO/IEC 27001 and ISO/IEC 27002 to information privacy management, and a large number of experts in the field worked on it to make certification against the international standard easier to obtain.
With this, the new standard seeks to optimize the management of the privacy of Personally Identifiable Information (PII), which is fundamental in companies and organizations, thereby guaranteeing the rights and freedoms of data subjects.
To this end, the UNE-EN ISO/IEC 27701:2021 standard establishes the requirements for correctly managing the privacy of PII through the implementation of an SGPI, so as to achieve maximum security, confidentiality, integrity, availability and resilience of the systems that handle this information.
In this way, it becomes a tool that helps companies guarantee and demonstrate that they comply with the provisions of the General Data Protection Regulation (RGPD) and with Organic Law 3/2018 on Personal Data Protection and the Guarantee of Digital Rights (LOPDGDD).
UNE-EN ISO/IEC 27701:2021 thus helps organizations comply with the RGPD principle of proactive responsibility (accountability), which requires managing regulatory compliance and the risks involved in the processing of PII.
How UNE-EN ISO/IEC 27701:2021 affects professionals
The standard also becomes a great ally of PII controllers (those responsible for processing) who receive requests for information and for assurance of compliance with the RGPD and the LOPDGDD. By obtaining this certification, these controllers can demonstrate that they comply with an ISO standard that vouches for the trustworthiness and reliability of their Information Privacy Management Systems.
It should not be forgotten that the new UNE-EN ISO/IEC 27701:2021 expands the controls already included in ISO/IEC 27001 (Information technology – Security techniques – Information security management systems – Requirements) and ISO/IEC 27002 (Information technology – Security techniques – Code of practice for information security controls).
In addition to expanding and improving these two standards, the new one adds requirements that distinguish between those intended for controllers (those responsible for processing) and those intended for processors and sub-processors.
With these additions, it seeks to satisfy the specific obligations derived from data protection regulations internationally, especially the GDPR. In the Spanish case, UNE-EN ISO/IEC 27701:2021 complements the rest of the ISO 27000 family of standards on information security and the protection of PII, especially UNE-EN ISO/IEC 27001:2017 and UNE-EN ISO/IEC 27002:2017.
The Spanish Association for Standardization trusts that all these standards, “effectively implemented, help entities to create a culture of regulatory compliance, always having as a starting point and objective the guarantee of the security of the PII processed and respect for the rights and freedoms of its owners”.