Blockchain & Cryptocurrency Glossary


ISO/IEC 27701 (Privacy Information Management)

Pronunciation
[eye-es-oh slash eye-ee-see two-seven-seven-zero-one]
Analogy
Like adding privacy-specific safeguards, such as locked filing cabinets and redaction protocols, to an existing document security system.
Definition
An international extension to ISO/IEC 27001 that specifies requirements and guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS) to protect personally identifiable information (PII).
Key Points Intro
ISO/IEC 27701 builds on an existing information security management system (ISMS) to address privacy risk management and regulatory compliance.
Key Points

  • PII controllers & processors: Defines roles and responsibilities.
  • Privacy controls: Supplemental controls for consent and data minimization.
  • Data subject rights: Processes for access, correction, and erasure.
  • Integration: Aligns with GDPR, CCPA, and other privacy laws.

Example
A DeFi KYC provider implements ISO 27701, documenting PII flows, consent records, retention schedules, and subject access request procedures.
Technical Deep Dive
A PIMS incorporates privacy risk assessments, data protection impact assessments (DPIAs), and a record of processing activities, and integrates with the existing ISMS controls. Control objectives include A.18.1.4 (Privacy by design) and mapping of the PII lifecycle.
Caveat
The extension requires an existing ISO/IEC 27001 foundation; it cannot be certified on a standalone basis.