The new ISO 27552 standard is an extension to ISO 27001/27002. It expands the mandatory clauses (4 to 10) and the controls to encompass privacy requirements, and will continue to drive organisations to build data privacy by design and by default into their Information Security Management System (ISMS).
The new standard specifies a Privacy Information Management System (PIMS) based on ISO/IEC 27001, 27002 and 29100 (the privacy framework). It applies to both controllers and processors of Personally Identifiable Information (PII), each of whom will receive new, role-specific guidance and obligations to meet.
Adopting this new standard will strengthen and enhance the data protection and GDPR policies and procedures that organisations already have in place.