Participate to the development of a new standard on data protection certification

EN ISO/IEC 27701 ‘Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management-Requirements and guidelines’ sets out generic requirements for a Privacy Information Management System which can be adapted by organizations according to their context and applicable obligations.

In order to apply its requirements in a European Context, CEN and CENELEC JTC 13 on ‘Cybersecurity and Data Protection’ is working on developing a new standard: prEN 17926. The purpose of prEN 17926 is to refine ISO/IEC 27701 so it is as adequately fit as possible for the European context of the Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR). It successfully passed the Enquiry Ballot in February 2023.


Now, CEN-CLC/JTC 13 is starting another new project, which in turn aims at developing a standardized certification scheme for PII processing operations against prEN17926. This certification scheme will be for operation by certification bodies in compliance with the requirements of ISO/IEC 17065.


The assurance certification provides to stakeholders relies on the requirements that its mechanisms comply with: for instance, the requirements for certification bodies (accreditation), and the certification schemes to ensure consistency and repeatability. Once available, prEN 17926 will allow market stakeholders to greatly benefit from the high level of assurance offered by compliance to such requirements.


Indeed, stakeholders need to be assured about the solidity and consistency of conformity assessment processes in the privacy field: data controllers and processors, data subjects, and regulators. The proposed standard will specify the requirements needed for certification schemes to achieve that level of assurance regarding data processing operations against prEN 17926. Once the proposed standard is developed, it will be possible to propose it for approval as a certification criterion, as foreseen by GDPR article 42. Such a proposal could be made by an organization willing to take the role of scheme owner and to propose it to the appropriate authorities for approval.


Should you be interested to participate in the development of the new ‘Scheme for certification of PII processing operations against prEN 17926’, we invite you to contact your National Standardization Body (NSB) or your National Committee (NC).


prEN 17926 is being developed by CEN-CLC/JTC 13 ‘Cybersecurity and Data Protection’, the Secretariat of which is currently held by DIN. The same JTC is currently working on more standards to address similar issues, notably through its Working Group 5 ‘Data Protection, Privacy and Identity Management’.




Our use of cookies

We use necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it. We won't set optional cookies unless you enable them. Using this tool will set a cookie on, your device to remember your preferences.

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

We'd like to set Google Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone.

I accept all cookies