ISO 27701 – Privacy management systems

Since the introduction of the GDPR in 2018, the number of stringent data privacy laws around the world has continued to rise. ISO 27701 was developed to give organisations an internationally recognised system for managing and protecting personal data.

Now in its second edition, ISO 27701:2025 is an entirely standalone management system standard that no longer requires certifying organisations to also achieve certification to ISO 27001 (the information security management system standard). This lowers the barrier to entry, allowing more organisations to take a proactive approach to GDPR and data privacy compliance.

Read this paper to:

• Discover what has changed in the 2025 edition of ISO 27701;
• Understand the core parts of the Standard; and
• Learn how you can use ISO 27701 to achieve GDPR compliance.

Published: February 2026

Keywords: ISO 27701, data privacy, privacy information management systems, PIMS