What is ISO 27701? ISO 27701 vs. GDPR?
ISO 27701 is a privacy extension to the ISO 27001 standard. An organization extends its information security management system (ISMS) into a privacy information management system (PIMS) that covers privacy aspects in addition to information security aspects. The standard includes 31 controls for PII controllers (Annex A) and 18 controls for PII processors (Annex B). Note that ISO 27701 cannot be certified on its own: it requires an existing or concurrent ISO 27001 certification. As an international standard, ISO 27701 is designed to support compliance with privacy regulations and laws such as the GDPR (EU), for which it contains an explicit control mapping (Annex D), as well as the CCPA (California) and the LGPD (Brazil).
Here's how to build an ISO 27701 compliant PIMS in Cyberday:
Automated report visualizes your ISO 27701 compliance
Framework requirements are implemented in Cyberday through tasks. Once you activate tasks and define their implementation status, the report will automatically start turning greener. See details by clicking each cell in the report and understand how to improve!
Understand what needs improving and how to do it
Pending tasks in your account will help you get compliant and also go further than the minimum compliance level. First you understand how to get compliant, and later you understand how to harden your security even more on each aspect.
Document your personal data processing systematically
Databanks are the different logical entities of your data, e.g. "Customer data" vs. "Staff data". You should first find an owner for these and then describe their contents (i.e. Data sets) and their processing activities with related legal bases and personal data processors.
Required documents automatically created from documentation
Once you have filled in your databanks, the "Records of processing activities" (as required by GDPR Article 30) and many other reports that help you demonstrate compliance are created automatically.
Automated and easily publishable privacy notices
The GDPR demands clear communication about your personal data processing. A separate privacy notice is automatically created for each databank. You can share the full list of notices with a single embed on your website.
Improve data protection and privacy further
Once you have the basics in order, you can focus on more advanced data protection activities. You can e.g. carry out DPIAs, create balance tests, manage vendors, data transfers and contracts, distribute guidelines for your staff.