Just before Christmas, on 20 December 2019, the Information Commissioner’s Office (ICO) announced that it will be working with the UK Accreditation Service (UKAS) to deliver its GDPR-approved certification schemes. The short announcement can be found here.
Whilst, as yet, there is no detail on what the schemes will entail, it is hoped that UKAS and the ICO will draw on privacy information management system (PIMS) standards that have already been established, most notably ISO 27701.
After being fast-tracked from a draft standard, the ISO 27701 Standard was published in August 2019, and a number of certification bodies are already offering certification schemes. Perhaps the strongest endorsement to date of ISO 27701 being the de facto standard for privacy and privacy management is Microsoft’s recent announcement that it has certified its Azure platform to ISO 27701.
Introducing ISO 27701 Consultancy
URM is introducing ISO 27701 among its services. The Standard builds on the information security management requirements of the widely adopted ISO 27001 Standard and provides a best practice framework for organisations to implement a PIMS and improve their data protection/data privacy capabilities.
As one of the UK’s leading information security and data protection consultancy and training organisations, URM is already actively working with a range of organisations to implement ISO 27701, including companies which have already implemented ISO 27001 and companies which have not.