3rd Party Risk Management , Governance & Risk Management , Identity Governance & Administration

Analysis: New ISO Privacy Standard

Requirements Explained in In-Depth Interview
Analysis: New ISO Privacy Standard
Matthieu Grall, CISO and DPO at SodiFrance

What's the purpose of ISO 27701, the new privacy extension to the ISO 27001 information security management standard? Matthieu Grall, CISO and DPO at SodiFrance, a French IT services company, who participated in development of 27701, explains the standard and discusses "privacy by design" compliance issues (see: Wearing Two Hats: CISO and DPO.)

To be certified as compliant with 27001, organizations now must also comply with the privacy requirements of 27701.

ISO 27701 mainly adds two things to ISO 27001, Grall says in an interview with Information Security Media Group. "First it adds requirements to "consider the impact on individuals of the risk assessment process." And secondly, it addresses "privacy considerations on existing information security controls and on privacy-specific controls."

In this interview (see audio link below image), Grall also discusses:

  • Why there was a need for an ISO standard for privacy;
  • Challenges CISOs will face in complying with ISO 27701;
  • How organizations can achieve privacy by design as they strive to comply with the new requirements;

Grall is CISO and DPO at SodiFrance, an IT services company. Previously he was with the French information security agency ANSSI. He also had a long stint with the French data protection authority CNIL.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.