Skip to content

The ISO 29100 privacy framework sets forth the following 11 core principles:

  1. Consent and choice
  2. Purpose legitimacy and specification
  3. Collection limitation
  4. Data minimization
  5. Use, retention, and disclosure limitation
  6. Accuracy and quality
  7. Openness, transparency, and notice
  8. Individual participation and access
  9. Accountability
  10. Information security
  11. Privacy compliance

The ISO 27701 privacy framework is not explicitly organized using the above privacy principles; however, the controls that apply to controllers and the controls that apply to processors that are found within ISO 27701 can be mapped to each of the above principles. As a result, it is possible for an organization to adopt the privacy principles of ISO 29100 and utilize the 49 controls identified within ISO 27701 as a framework for implementing those principles.