ISO 27701 audits

Do you want to obtain ISO 27701 certification or are you curious why other organisations choose it? ISO 27701 is the perfect complement to your ISO 27001 management system and specifically addresses privacy. With certification, you can easily and independently demonstrate that your organisation's privacy is in order.

More than 500 organisations have already gone before you.

ISO 27701 Certification - DigiTrust

The standards explained

What is the ISO 27701?

Have you already started implementing ISO 27001? Then the ISO 27701 standard is an extension of your information security. To demonstrate that the personal data you process is properly protected, the ISO 27701 standard was developed to serve as a benchmark and best practice.

ISO 27701 sets requirements for a Privacy Information Management System (PIMS): a management system for the protection of personal data. It is a global standard that applies to all types of organisations, regardless of size, whether private companies, government agencies or non-profit organisations.

Why is ISO 27701 important?

Many organisations feel the need to demonstrate to stakeholders that they comply with the AVG as a whole. The ISO 27701 standard is not, however, an AVG/GDPR compliance certification. What it does provide is a set of requirements for a Privacy Information Management System (PIMS).

Privacy and data protection were already part of ISO 27001 through a legal-requirements control (ISO 27001 A.18.1.4), but implementing ISO 27701 makes them an integral part of the management system. As with ISO 27001, it is important that the organisation has implemented a management system based on a risk methodology that contributes to data protection.

The aim of ISO 27701 is therefore to give organisations a practical framework for extending their existing ISMS (Information Security Management System) with a PIMS (Privacy Information Management System). ISO 27701 follows the PDCA cycle and the risk analysis approach of ISO 27001.

With this extension, an organisation can demonstrate that the PDCA cycle has been implemented and that risk analyses have been carried out against the privacy controls listed in ISO 27701. This puts the organisation 'in control' of its privacy policy and its implementation.

What is PII?

PII stands for personally identifiable information, in other words personal data. An organisation may handle PII as a data controller, co-processor, processor, or a combination of these. In Europe (the Netherlands), the protection and processing of personal data is governed by the AVG/GDPR, so it is important that you handle such data carefully.

Approved by the Personal Data Authority?

As a regulator, the Personal Data Authority (AP) has no involvement in this standard. An organisation with an ISO 27701 certificate does not necessarily comply with the AVG.

The certificate does, however, say something about the attention an organisation pays to privacy in its processes and improvement cycle. In that sense it can be regarded as an example of best practice.

The focus of ISO 27701 is not the same as that of the AVG. ISO 27701 focuses on the PIMS, which is mainly concerned with the design and existence of policies, measures and procedures. The AVG, as a law, differs from a management system: whether the measures taken actually operate (or fail to operate) can be grounds for finding a violation and imposing a sanction, for example after a data breach. A further distinction: the AVG is an EU regulation, whereas ISO 27701 is a globally applicable standard.

Can the ISO 27701 be done without the ISO 27001?

No. ISO 27701 is complementary to ISO 27001, so you cannot implement ISO 27701 without also complying with ISO 27001.

Value ISO 27701 certificate

Certification, through an independent review by DigiTrust, adds value in several areas:

  • To stakeholders, it is proof of the existence and operation of an implemented Privacy Information Management System.
  • It reinforces trust in the organisation that uses or processes personal data.
  • Certification is a tool for selecting suppliers and gives an indication of the organisation's professionalism.
  • It shows that privacy has the organisation's attention.

What is the investment for ISO 27701?

An ISO 27701 audit is an extension of an ISO 27001 audit. When the two are combined, the audit time increases by 40%. Aggravating and mitigating factors apply, depending on your context. Contact the DigiTrust back office to find out what this will mean for your organisation.
Read more here on acquiring the relevant standard.

Questions about ISO 27701 audits or curious about the possibilities?

Our specialists will be happy to tell you more. Call us on 088-224 56 00, email us at sales@digitrust.nl or use our online contact form. We will gladly visit you for a no-obligation introduction.

More than 300 organisations have already gone before you.
