The International Organization for Standardization wrote ISO 27701 to align the standards of the ISO 27001 series with privacy-based standards like GDPR and CCPA. As such, it addresses the core requirements of that standard and refines them so that organizations don’t have to fumble in the dark about adapting their existing ISO certifications to larger regulatory frameworks.

Previously, we discussed the impact of this document on ISO 27001. In this article, we carry on where we previously left off by discussing refinements to ISO 27002 and adopting specific controls to handle PII.

Read More

GDPR has needed a centralized assessment and certification model for some time now. Still, with the plethora of certifications and standards covering different business contexts, there has yet to be a single approach that has risen to the top of the heap. However, the governing bodies of GDPR have authorized the new Europrivacy standard to forego this certification balkanization in favor of a new, hybrid process.

Read More

With the growth of the EU as an economic power, businesses in the United States are working to make headway into this lucrative commercial market. However, they are rapidly learning that the IT and data-driven practices standard in the U.S. will not stand in the GDPR-regulated European Union. 

There are some basic preparations that any U.S. business must undertake even to consider getting ready for business in the EU. 

Read More