ISO 27701 clause 8.3 governs how organisations are obliged to provide information to PII principals about how their PII is being processed, and to meet a range of legal, contractual and regulatory requirements in doing so.
Organisations need to ensure that customers are given adequate means to fulfil their (the organisation’s) obligations as a PII controller.
Controllers’ obligations are governed by three factors:
Contracts should include any information or technical operations that allow the organisation to fulfil its obligations as a controller.
Various elements of ISO 27701 Clause 8.3 are applicable within UK GDPR legislation. The table below lists the corresponding references.
ISO 27701 Clause Identifier | ISO 27701 Clause Name | Associated GDPR Articles |
---|---|---|
8.3.1 | Obligations to PII Principals | Articles (15), (17), (28) |
The ISMS.online platform offers integrated assistance at every stage, and our ‘Adopt, Adapt, Add’ implementation approach to ISO 27701 makes the process much easier. You will also benefit from a variety of time-saving features.
We make data mapping a simple task. It’s easy to record and review it all, adding your organisation’s details to our pre-configured dynamic Records of Processing Activity tool.
You’ll be ready when the worst happens. We make it easy to plan and communicate your breach workflow, and document and learn from each and every incident.
Find out more by booking a demo.