De Novo ISO/IEC 27701:2019 compliance

The International Organization for Standardization (ISO) could not ignore the issue of personal data protection, especially given the fact that it has developed universally recognized standards in the field of information security. As a result, under the leadership of ISO and with the assistance of the International Electrotechnical Commission (IEC), a new standard was developed - ISO/IEC 27701:2019 "Security practices - Supplement to ISO/IEC 27001 and ISO/IEC 27002 for the protection of confidential information. Requirements and guidelines" (ISO/IEC 27701:2019 "Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines").

As the name implies, ISO/IEC 27701:2019 is an extension of the recognized information security standards ISO/IEC 27001 and ISO/IEC27002. ISO/IEC 27701:2019 adds to and expands the relevant sections related to the management of privacy information.

All the requirements set out in ISO/IEC 27701 are universal and applicable to any company or organization, regardless of the scale and scope of their activities. At the same time, the standard is largely based on the requirements of the GDPR and even contains a special annex - Annex D (Mapping to the General Data Protection Regulation), which provides a point-by-point comparison of certain provisions of ISO/IEC 27701 with the European Regulation.

However, the main advantage of ISO/IEC 27701:2019 is that it has helped De Novo develop and implement an effective personal data management system based on an internationally recognized approach.