A new CEN-CENELEC standardization project to offer refinements in a European context for Privacy Information Management Systems

EN ISO/IEC 27701 “Security techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines” sets out generic requirements for a Privacy Information Management System whose guidance can be adapted by organizations according to their context and applicable obligations. It can be considered as an international framework, in which it is possible to define more particular, regional refinements.

CEN and CENELEC’s Joint Committee 13 ‘Cybersecurity and Data Protection’ (CEN-CLC/JTC 13) has now started a new project, which aims at developing a standard that offers such refinements for a European context: the aim is to develop guidelines that organisations will be able to use for the purpose of demonstrating compliance with their obligations relating to GDPR.


The refinements that will be set out in the new document relate to processing operations as part of products, processes, and services. Certification bodies will be able to use these requirements and refinements to assess the conformity of both a privacy information management system per ISO/IEC 17021 and the processing operations of a product, process or service per ISO/IEC 17065. Provisions of this document may be considered for the creation of a certification mechanism as per GDPR’s article 42, which establishes this possibility.


Many stakeholders would benefit from this new standard: organisations processing personal data, which will no longer need to interpret ISO/IEC 27701 themselves anymore; regulatory bodies, who will have the possibility to use provisions from this document to establish certification mechanisms; and of course consumers, who will be able to trust products complying with a standard that strengthens the protection of personal data.


Should you be interested to participate in the development of the new “Privacy Information Management System per ISO/IEC 27701 - Refinements in European context”, we invite you to contact your National Standardization Body (NSB) or your National Committee (NC).




Our use of cookies

We use necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it. We won't set optional cookies unless you enable them. Using this tool will set a cookie on, your device to remember your preferences.

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

We'd like to set Google Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone.

I accept all cookies