How ISO 27701 could be a new framework for sustained GDPR compliance

The Privacy Information Management System, defined by ISO 27701, provides a framework for integrating privacy into organizational practices.

The protection of information across the organization has proven to require a multidisciplinary effort and cross-functional expertise. Over the past years, the privacy domain has become increasingly regulated. Privacy governance remains a complex endeavor in view of regulatory attention, evolving legislation globally and societal maturity.

The 2019 IAPP-EY Privacy Survey revealed that, next to data breaches, legal and regulatory compliance – especially with the General Data Protection Regulation (GDPR) – ranks high on the board's list of privacy concerns.

In fact, over 40% of respondents name compliance with privacy laws and regulations as their highest priority. At the same time, just over 40% of the participating privacy professionals indicate that they are only 'moderately compliant' with the GDPR. The urgency for enhanced compliance mechanisms is therefore apparent.

Across industries, we see that our clients desire a shift from project-based compliance to long-term sustainable privacy practices.

The full article can be accessed here.

EY Law key contacts:

Peter Katko

EY Global Digital Law Leader

Fabrice Naftalski

EY Global and EMEIA Data Privacy Leader