Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook

Rejecting any non-legally binding requests for personal data disclosure

Critical
High
Normal
Low

The organization should reject all non-legally binding personal data disclosure requests, but accept all contractually defined personal data disclosures that the customer has accepted. The relevant customer must be asked before handing over personal data.

Connected other frameworks and requirements:
A.8.5.5: Legally binding PII disclosures
ISO 27701
No items found.