Compliance Standards for General Data Protection Regulation (GDPR)

Extends ISO 27001 and ISO 27002 with specific requirements and guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS). Maps directly to GDPR requirements and provides a certifiable framework for privacy compliance.

Specifies requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Provides a systematic approach to managing sensitive company information.

Provides guidance on protecting Personally Identifiable Information (PII) through appropriate technical and organizational controls. Complements ISO 27701 with detailed control guidance for GDPR Article 32 security of processing requirements.

Provides guidelines for a process to assess privacy impacts and treat privacy risks. Directly supports GDPR Article 35 DPIA requirements with methodology for identifying and mitigating privacy risks in processing operations.

Establishes a privacy framework with 11 fundamental privacy principles that form the foundation for privacy protection. These principles align with and support GDPR's core data protection principles.

Collection of practical guidelines and best practices published by ENISA covering IoT security, vulnerability disclosure, supply chain security, and incident handling aligned with EU regulatory requirements.

Provides guidelines for information security incident management, including preparation, detection, assessment, response, and lessons learned. Covers the complete incident lifecycle from planning to post-incident activities.