ISO/IEC - IT Proxsis Group

UU Personal Data Protection and ISO/IEC Standard Consultation 27701:2019

Organizations that actively gather and manage sensitive data may need to make adjustments due to the publication of legislation on personal data protection. The ISO/IEC 27701:2019 standard is an organized set of instructions for managing privacy information for a company with a global reputation.

ISO/IEC 27701:2019 standard is an extension of ISO/IEC 27001:2022 regarding information security systems. A basic explanation of the evaluation of a company’s infrastructure controls in security, privacy/data protection, and business continuity standards may be found in ISO/IEC 27701:2019. According to ISO standards and best practices, we might need to implement a new solution.

Why We Need Implementing ISO/IEC 27701:2019?

Target Industry

Those sectors are required to ensure the security of data that is regularly managed for business purposes, and this is further encouraged by the existence of several Indonesian regulations that demand ISO/IEC 27001:2022 certification (for instance, the Minister of Communication and Informatics, POJK, PBI, and Government Regulations of the Republic of Indonesia).

ISO/IEC 27701:2019 Implementation Requirements + UU Personal Data Protection

Organizations must design, develop, and implement an ISMS in line with pertinent national and international standards and legislation, such as the UU Personal Data Protection, in order to comply with ISO/IEC 27701:2019. Prior to being able to comply with privacy information management regulations, enterprises must first establish compliance with the ISMS standard ISO 27001:2013.

The good news is that firms that are already in compliance with ISO/IEC 27001:2013 will only need to perform a few more activities. This also contains a second risk analysis that takes additional measures into account.

F.A.Q

Do you have additional questions?

Why We Need Implementing ISO/IEC 27701:2019 standard?

The issuance of regulations on Personal Data Protection is mandatory for companies to protect and manage personal data.

When should the ISO 27701:2019 standard be effectively implemented?

This standard begins to need to be implemented to comply with the UU Personal Data Protection which was passed on October 17, 2022.

How should ISO/IEC 27701:2019 be implemented?

-First Assessment
-Management Commitment
-Implementation Team Development
-Scope Determination
-Determination of Information Security Policy and Objectives
-Risk Identification
-Protection and Risk Reduction
-Development and Implementation of Controls
-Awareness and Training
-Internal Auditing
-Performance Monitoring and Measurement
-External Audit and Certification
-Continuous Maintenance and Improvement: Continuously maintain and repair the ISMS in accordance with changes in the organization and business environment.