EN ISO/IEC 27701 “Security techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines” sets out generic requirements and guidance for a Privacy Information Management System (PIMS), built as an extension of an ISO/IEC 27001 information security management system, which organisations can adapt to their own context and applicable obligations. It can be considered an international framework within which more specific, regional refinements can be defined.
CEN and CENELEC’s Joint Technical Committee 13 ‘Cybersecurity and Data Protection’ (CEN-CLC/JTC 13) has now started a new project to develop a standard that offers such refinements for the European context: guidelines that organisations will be able to use to demonstrate compliance with their obligations under the GDPR.