
Leveraging ISO 27701 to Improve Data Privacy and Security Compliance

31 Aug 2020 | Leonard Kamau

This blog post discusses how UAE entities can leverage ISO 27701 alongside their existing information security management system to improve data privacy and strengthen compliance with the various security standards they operate under.

ISO 27701 is a new standard, published in August 2019, for information and data privacy. It describes a framework for “controllers” and “processors” of personally identifying information (PII) to manage data privacy and enable regulatory compliance. Most UAE entities have implemented or are in the process of implementing the UAE IA standard as a management system for their information security. The UAE IA standard is primarily based on the ISO 27001 standard.

The UAE has two data protection regulatory requirements specific to its Financial Services Free Zones, the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM). Each applies only to organisations operating in the respective Free Zone:

  • DIFC Data Protection Law 2020 increases privacy compliance requirements for an organisation registered within DIFC
  • Data Protection Regulations 2015 governs the processing of personal data by persons operating in the ADGM

How does ISO 27701 relate to ISO 27001?

ISO 27701 serves as an extension to ISO 27001. It is one of several risk management standards that help assure that your organisation complies with the applicable PII regulations. The full value of this new standard is only realised once your organisation has implemented ISO 27001 or the UAE IA standard(s). This is because ISO 27001 and the UAE IA standard do not on their own fulfil privacy requirements, which is why the extension is significant.

What are the benefits of this new extension?

  • It strengthens the organisation's existing Information Security Management System (ISMS) by extending it into a Privacy Information Management System (PIMS) with privacy-related controls.
  • It improves trust between an organisation and its interested parties by demonstrating that it complies with privacy laws.
  • It increases customer satisfaction, since customers know that their data is protected and used only for its intended purpose.
  • It supports compliance with privacy regulations and regulatory bodies.
  • It clarifies roles and responsibilities within the organisation.

Below are the extension mappings, showing how the terms of the two standards correspond and how they are linked together to achieve privacy.

    ISO/IEC 27001 (Information Security Management System)   | ISO 27701 Privacy Information Management System (PIMS)
    ---------------------------------------------------------|-------------------------------------------------------
    1  Information security                                  | Information security and privacy
    2  Information security management                       | Information security and privacy information management
    3  Information security management system (ISMS)         | Privacy information management system (PIMS)
    4  Information security objective                        | Information security and privacy objectives
    5  Information security performance                      | Information security and privacy performance
    6  Information security requirements                     | Information security and privacy requirements
    7  Information security risk                             | Information security and privacy risk
    8  Information security risk assessment                  | Information security and privacy risk assessment
    9  Information security risk treatment                   | Information security and privacy risk treatment

In summary, integrating ISO 27701 creates a Privacy Information Management System (PIMS), thereby reducing the risk to the privacy rights of individuals. The UAE IA standard, which is the primary ISMS standard for most entities within the UAE, can be extended with ISO 27701 to enable the organisation to meet the required privacy requirements.

To realise these significant advantages for your organisation, get in touch with our consultants at Digital14.com/protect, and we shall guide you in ensuring that your organisation is at the forefront of integrating its ISMS with a PIMS.

References:

  • ISO/IEC 27001:2013 ISMS Standard
  • ISO/IEC 27701 PIMS Standard
  • UAE Information Assurance (IA) Standards


© Digital14. All rights reserved.