Platform
- Overview
- Features
  - Risk ManagementManage all your business risks in one place
  - Asset ManagementDynamic asset management solution
  - Supply Chain ManagementEffortlessly integrate your supply chain
  - IntegrationsEssential integrations at your fingertips
  - HeadStartGet certified up to 5x faster
  - Assured Results MethodYour path to certification success
  - Virtual CoachYour always-on guide to ISO 27001
  - Explore All Features
Solutions
- Frameworks
  - ISO 27001The information security standard
  - ISO 42001The Artificial Intelligence standard
  - ISO 27701Data privacy for your business
  - ISO 22301Streamline your business continuity
  - ISO 9001Simplify your quality management
  - GDPRKeep on top of your data protection
  - NIS 2Strengthen your cybersecurity
  - All standards and regulations
- Experience Level
  - New to ISO 27001?Don’t worry, we’ve got you covered
  - Looking to improve your compliance?Switch to a platform that gives you complete control
  - Enterprise-level complianceManage all your compliance needs with ISMS.online
- Sectors
  - Healthcare
  - Legal
  - FinTech
  - Retail
  - Automotive
  - Logistics
  - Public Sector
  - Gambling
  - Communications
  - Aviation
Customers
Learn
Partners
- Become a Partner
  - Become a PartnerTeam up with ISMS.online and empower your customers to achieve effective, scalable information management success
- Types of Partner
  - Service PartnersMake compliance your competitive advantage
  - AuditorsStreamline your audit practice
  - Technology PartnersIntegrate your products with ISMS.online
- Partner Services
  - Partner DirectoryConnect with trusted compliance experts
Log in
Get a quote
Book a demo

Get a quote Book a demo

Book a demo Get a quote

Platform
- Overview
- Features
  - Risk ManagementManage all your business risks in one place
  - Asset ManagementDynamic asset management solution
  - Supply Chain ManagementEffortlessly integrate your supply chain
  - IntegrationsEssential integrations at your fingertips
  - HeadStartGet certified up to 5x faster
  - Assured Results MethodYour path to certification success
  - Virtual CoachYour always-on guide to ISO 27001
  - Explore All Features
Solutions
- Frameworks
  - ISO 27001The information security standard
  - ISO 42001The Artificial Intelligence standard
  - ISO 27701Data privacy for your business
  - ISO 22301Streamline your business continuity
  - ISO 9001Simplify your quality management
  - GDPRKeep on top of your data protection
  - NIS 2Strengthen your cybersecurity
  - All standards and regulations
- Experience Level
  - New to ISO 27001?Don’t worry, we’ve got you covered
  - Looking to improve your compliance?Switch to a platform that gives you complete control
  - Enterprise-level complianceManage all your compliance needs with ISMS.online
- Sectors
  - Healthcare
  - Legal
  - FinTech
  - Retail
  - Automotive
  - Logistics
  - Public Sector
  - Gambling
  - Communications
  - Aviation
Customers
Learn
Partners
- Become a Partner
  - Become a PartnerTeam up with ISMS.online and empower your customers to achieve effective, scalable information management success
- Types of Partner
  - Service PartnersMake compliance your competitive advantage
  - AuditorsStreamline your audit practice
  - Technology PartnersIntegrate your products with ISMS.online
- Partner Services
  - Partner DirectoryConnect with trusted compliance experts
Log in
Get a quote
Book a demo

ISO 27701, Clause 8.3 – Obligations to PII Principals

ISO 27701 Controls and Clauses Explained

cultural,mix,of,young,people,working,in,a,company

ISO 27701 clause 8.3 governs how organisations are obliged to provide information to PII principals about how their PII is being processed, and to meet a range of legal, contractual and regulatory requirements in doing so.

ISO 27701 Clause 8.3.1 – Obligations to PII principals

Purpose of Clause 8.3.1

Organisations need to ensure that customers are are given adequate means to fulfil their (the organisation’s) obligations as a PII controller.

Guidance on Clause 8.3.1

Controllers’ obligations are governed by three factors:

Legislation.

Regulation.

Contracts.

Contracts should include any information or technical operations that allow the organisation to fulfil its obligations as a controller.

Various elements of ISO 27701 Clause 8.3 are applicable within UK GDPR legislation. Take a look at the below table for the corresponding references.

ISO 27701 Clause Identifier	ISO 27701 Clause Name	Associated GDPR Articles
8.3.1	Obligations to PII Principals	Articles (15), (17), (28)

How ISMS.online Helps

The ISMS.online platform offers integrated assistance at every stage, and our ‘Adopt, Adapt, Add’ implementation approach to ISO 27701, to make the process much easier. You will also benefit from a variety of time-saving features.

We make data mapping a simple task. It’s easy to record and review it all, adding your organisation’s details to our pre-configured dynamic Records of Processing Activity tool.

You’ll be ready when the worst happens. We make it easy to plan and communicate your breach workflow, and document and learn from each and every incident.

Find out more by booking a demo.

Jump to Topic

What is Clause 8.3.1?
Supporting GDPR Articles
How ISMS.online Helps

See ISMS.online
in action

Book a tailored hands-on session
based on your needs and goals
Book your demo

Unsure whether to build or buy?

Discover the best way to achieve ISMS success

Get your free guide