About

Riskscape Law Ltd is a legal consultancy, based in London, that helps organisations comply with the laws and regulations associated with using sensitive information. Although it provides advice on compliance with laws and regulations, it is not a law firm and so is not regulated by the Solicitors Regulation Authority.

Kieran McDonagh is the principal of Riskscape Law Ltd. He is an experienced data protection and cyber security professional with many years' experience in supporting clients. He has used international standards to audit, risk-assess, and remediate controls in data protection, cyber security, business resilience and supply chain risk management. He has also led regulatory compliance projects for BNP Paribas, BP, and Centrica, helping his clients provide assurance to regulators. He is currently a member of the BSI committee developing the international standard ISO 31700 – Privacy by Design.

Kieran has master's degrees in cyber security, management science, and law.


Understanding ISO/IEC 27701 – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management

Introduction

The privacy of individuals' personal data is very topical. An organisation must carefully consider how it handles the personal information of customers, employees, visitors, and neighbours; for many organisations this is a challenge. When the GDPR (General Data Protection Regulation) became applicable in May 2018, all organisations, no matter where they were based, had to comply with it if they handled the personal data of individuals in the EU. Beyond the EU, at least 132 countries now have a privacy law in place. Organisations that transfer personal data between these countries must take each relevant law into account when selecting controls to protect privacy.

Implementing and monitoring controls to support compliance with such laws can be a complex challenge. Working to a recognised standard makes this challenge more manageable and gives organisations more confidence that the steps they have taken fulfil their regulatory obligations. One such standard is ISO/IEC 27701, an internationally agreed standard that enables organisations to extend their existing ISO/IEC 27001 information security management system (ISMS) to address privacy requirements.

This whitepaper provides an overview of regulations related to privacy, the role ISO/IEC 27701 can play, and what this means for businesses and consumers.

ISO 27701 White Paper
