Skip to content
Search our site  

    ISO/IEC 27701 personal data protection

    Organizations that process personal data or personally identifiable information can consider adding ISO/IEC 27701 certification to their ISO/IEC 27001 certification.

    Contact us

    Personal data protection with ISO/IEC 27701


    What is ISO/IEC 27701?

    ISO/IEC 27701 buillds on ISO/IEC 27001. It is a compliance standard for GDPR (General Data Protection Regulation) and specifies the requirements for, and provides guidance for establishing, implementing, maintaining and continuously improving an information management system for privacy (PIMS) based on the requirements of the information security standard. It is extended with privacy-specific requirements and controls.


    What types of organizations should consider ISO/IEC 27701?

    ISO/IEC 27701 is for organizations that process personal data, in addition to personally identifiable information (PII), which is information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual.


    Is ISO/IEC 27701 accreditation offered in addition to ISO/IEC 27001?

    Nemko offers non-accredited certification in accordance with ISO/IEC 27701 solely in combination with or after accredited certification in accordance with ISO/IEC 27001.


    Why Nemko?

    • Nemko has a lean organization with an effective decision-making process and quick turnaround
    • Auditors have valuable experience and inspire a culture of constant improvement
    • They value communication with customers
    • Observations and comments are clearly expressed to ensure measurable improvement
    • The approach is practical and down-to-earth
    • The auditor is responsible for the customer during the entire audit process and audit cycle


    The certification process consists of two phases: 

    • Phase 1consists of an audit of the business in order to review the status of the organization, system documentation, infrastructure, etc. This assesses the maturity of the system. 
    • Phase 2is the certification audit, aiming to verify that the system documentation meets the requirements of the standard. The certification audit will give feedback to the organization on issues that are not in conformance with the standard and that need to be corrected before a certificate can be issued. 

    Experienced team

    Our knowledgeable and efficient auditors bring the longstanding expertise of a company that has been providing third-party certification according to ISO standards for more than a quarter of a century.

    Contact us