ISO/IEC 27701: Threats and Opportunities for GDPR Certification

23 Pages Posted: 16 Mar 2020

See all articles by Eric Lachaud

Eric Lachaud

Tilburg University - LTMS, home of Tilt and Tilec

Date Written: January 15, 2020

Abstract

The paper assesses the possible consequences for Article 42/43 certification of the recently published ISO/IEC 27701:2019 standard. The new ISO standard establishes a management system that aims to manage ‘the processes for protecting the capture, accountability, availability, integrity, and confidentiality of personal data.’ The conformity with the standard’s requirements is certifiable by the private certification bodies interested in providing this service to businesses. The paper shows that ISO/IEC 27701:2019 based certification possesses many assets to dominate the market of data protection certification and, thus, compete with the approach supported by the European supervisory authorities on data protection. ISO based certification offers many operational advantages to businesses which are looking for a workable solution to streamline information security and data protection in their organization. In the meantime, the EU supervisory authorities are still wandering on the right option to approve certification schemes under Article 42/43 regime. A strong uptake of ISO/IEC 27701:2019 based certification alongside Article 42/43 certification could confuse the general public and eventually threaten Article 42/43 implementation. But it could also offer an opportunity to the European supervisory authorities to spread data protection principles beyond EU borders and clarify the relationships they intend to establish between Article 42/43 certification and ISO standards based one.

Keywords: Certification, ISO/IEC 27701:2019, Article 42 GDPR, Data Protection, Accountability, ISO standards, Self-regulation

Suggested Citation

Lachaud, Eric, ISO/IEC 27701: Threats and Opportunities for GDPR Certification (January 15, 2020). Available at SSRN: https://ssrn.com/abstract=3521250 or http://dx.doi.org/10.2139/ssrn.3521250

Eric Lachaud (Contact Author)

Tilburg University - LTMS, home of Tilt and Tilec ( email )

Tilburg
Netherlands

Here is the Coronavirus
related research on SSRN

Paper statistics

Downloads
310
Abstract Views
963
rank
110,366
PlumX Metrics