Analysis: New ISO Privacy StandardRequirements Explained in In-Depth Interview
What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses
To be certified as compliant with 27001, organizations now must also comply with the privacy requirements of 27701.
ISO 27701 mainly adds two things to ISO 27001, Grall says in an interview with Information Security Media Group. "First it adds requirements to "consider the impact on individuals of the risk assessment process." And secondly, it addresses "privacy considerations on existing information security controls and on privacy-specific controls."
In this interview (see audio link below image), Grall also discusses:
- Why there was a need for an ISO standard for privacy;
- Challenges CISOs will face in complying with ISO 27701;
- How organizations can achieve privacy by design as they strive to comply with the new requirements;
Grall is CISO and DPO at SodiFrance, an IT services company. Previously he was with the French information security agency ANSSI. He also had a long stint with the French data protection authority CNIL.