Skip to content

In 2019, the International Organization for Standards joint technical committee ISO/IEC JTC1, Information technology subcommittee SC27, developed a privacy framework that was intended to build off of the existing ISO data security standards – i.e., ISO/IEC 27001:2013 (Information security management systems) and ISO/IEC 27002:2013 (Code of practice for information security controls) – by integrating into those existing security standards data privacy-related concepts. Among other things, the ISO 27701 privacy framework integrated many controls that were intended to relate to the European General Data Protection Regulation which went into force the year prior.