ISO/IEC 27701:2024 Explained
Your Questions Answered About The New Privacy Management Standard

Introduction
Northwave's Privacy experts explain the latest updates to the ISO 27701 guidelines and the value they can add to an organisation.
Data privacy is a cornerstone of digital trust and innovation, which is why organisations must rise to the challenge of safeguarding personal information. You may have heard that ISO/IEC 27701, the international standard for privacy information management, has been updated.
So what actually changes in the latest edition, and why should organisations take notice? Keep reading for answers to some common questions about the ISO/IEC 27701:2024 norm.
What Is ISO 27701?
The current ISO 27701 is an extension of ISO/IEC 27001 and ISO/IEC 27002, which are among the most widely used international standards for information security management. The 2019 version helps organisations establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS).
With a PIMS, organisations gain a detailed set of operational checklists that make it easier to stay compliant with data protection law such as the GDPR, and with related security regulation such as NIS2. Especially when combined with an integrated approach to cyber security, a PIMS is an important tool for ensuring data privacy, maintaining customer and employee trust, and protecting brand reputation.
How Can ISO Privacy Controls Help Your Organisation?
Implementing ISO/IEC 27701 can significantly enhance your organisation's risk management practices. Here’s how:
- Improved Trust: Demonstrating a commitment to privacy can build trust with customers, partners, and stakeholders, enhancing your organisation's reputation.
- Regulatory Compliance: ISO/IEC 27701 helps ensure compliance with various data protection laws and regulations, such as GDPR, CCPA, and others, reducing the risk of legal penalties.
- Operational Efficiency: Streamlining privacy management processes can lead to more efficient operations and better resource allocation throughout the entire organisation.
Overview of Changes To The ISO 27701:2024 norm
The full text of the new ISO 27701:2024 norm is expected to become available in the first quarter of 2025. Although still unconfirmed, it is likely that a new component will include guidance on how organisations address climate change within their privacy information management system, as ISO has already done for its other management system standards.
That said, we already know that ISO 27701:2024 will integrate with other ISO norms such as ISO 27001. By implementing ISO 27001 you are already using many of the controls in ISO 27701; ISO 27701, however, focuses specifically on data protection. Whilst it cannot guarantee GDPR compliance, a properly functioning PIMS based on ISO 27701 will support GDPR compliance. Furthermore, ISO 27701 covers all aspects of the ISO 29100 privacy framework.
Here is a quick overview of how ISO 27701:2024 differs from the 2019 guidelines.
Old ISO 27701 norm | New ISO 27701:2024 norm | Why?
---|---|---
Connected to the ISO 27001 norm | Stand-alone management system | The growing importance of data privacy requires a dedicated management system
Required an ISO 27001 ISMS for a 27701 PIMS | Allows a 27701 PIMS without a 27001 ISMS | Enables organisations that use a different information security norm to implement a privacy norm
Information security controls with a privacy add-on | 52 non-privacy-related controls removed | Streamlines the focus to privacy-relevant controls only
No equivalent | 10 new controls | Ensures compatibility with other management systems such as 27001 and 29100, and covers new topics such as threat intelligence and cloud services
Structure of ISO27701:2024
The guidelines outline specific requirements and best practices for implementing a PIMS that effectively addresses privacy risks and maintains regulatory compliance.
- Chapter 4 – Context of the organisation
- Chapter 5 – Leadership
- Chapter 6 – Planning
- Chapter 7 – Support
- Chapter 8 – Operation
- Chapter 9 – Performance evaluation
- Chapter 10 – Improvement
- Annex B – Implementation guidance for controls for Controllers and Processors.

How Northwave Can Help Improve Privacy Management
We understand the complexities of privacy compliance and the importance of staying ahead in a rapidly changing regulatory environment. Our team is dedicated to providing customised solutions to meet your privacy management goals. Here are some key ways Northwave experts can help you seamlessly navigate data privacy challenges throughout the entire organisation.
Gap Assessment
A thorough assessment that identifies gaps in your current privacy management practices and delivers actionable recommendations.
Fast Track
Rapid implementation of the controls and processes needed to achieve ISO certification, including ISO/IEC 27701 and ISO/IEC 27001.
Advanced Tier Privacy Management
For organisations looking to go beyond the basics, we offer advanced privacy management solutions tailored to specific business risks. Our Managed Security & Privacy Office delivers customised solutions with a dedicated, efficient, and effective security and privacy team as a service.
Contact us today to learn more about how we can help your organisation achieve the ISO/IEC 27701:2024 certification and enhance your privacy management practices.
We are here for you