Privacy Information Management is complex but we’ve simplified it


Whether you call it personal or privacy information management, the subject is growing quickly as a topic of business importance. The threat of massive fines and reputational damage is driving customers to mandate that their suppliers demonstrate compliance with regulations like GDPR and its counterparts across the world.

Compliance with privacy requirements is complex and, on top of broader information security management (i.e. for other information assets like commercial contracts, IPR and financial data), can be a real challenge. We can help you with various levels of privacy compliance and will also help you work out what level of privacy information management system (PIMS) you might need and why.

Privacy is a complex topic even when it comes to naming conventions

Whether your organisation is a controller or a processor, or both, it needs to protect the personal data of individuals. Personal data is any information that relates to an identified or identifiable individual. It can cover anything from a name and address, to a record of purchases made, to confidential medical records.

Personal data protection regulations and methods are developing fast. And there are different ways of describing the data you’re protecting. For example:

  • The UK Information Commissioner’s Office (ICO) calls it “personal data”
  • The British Standards Institute (BSI) calls it “personal information”
  • The International Standards Organisation (ISO) calls it “privacy information”

To keep things simple, we usually call it personal data.

Third parties also differ in their naming conventions for the management systems built around it, for example:

At least both of those specific terms shorten to PIMS, so that’s what we call it!

There are many benefits associated with a PIMS, and it should be something that helps grow value for the organisation as well as helping to manage threats. Benefits include:

  1. Builds trust in your company’s perceived ability to manage personal information, both for customers and employees
  2. Provides increased assurance for stakeholders
  3. Supports compliance with the GDPR and other privacy regulations
  4. Improves structure and focus of data privacy management
  5. Embeds personal data management into the organization’s culture
  6. Takes a risk-based approach to data privacy management
  7. Encourages continual improvement to adapt to changes inside and outside the organisation
  8. More forward-thinking than competitors, which helps win new business with risk-averse, powerful customers


The number of privacy frameworks is increasing as well

There is a growing number of privacy frameworks, which does not help the simplification goal; they broadly break down into two types:

Standards-led Privacy Frameworks, e.g.

  1. ISO 27701 PIMS (ISO 27001 Extension)
  2. BS 10012 PIMS
  3. NIST Privacy Framework

Regional Privacy Frameworks and Regulations, e.g.

  1. Local Data Protection Supervisory Authorities – Guidelines
  2. OECD (Organisation for Economic Co-operation and Development) Privacy Guidelines
  3. APEC Privacy Framework
  4. ICO UK GDPR Checklists
  5. State, national and country-based regulations (e.g. POPIA, GDPR)

What is the right model for your organisation now and in the future?

We’ve turned the complexity into a simplified approach based on 5 levels of maturity.

It goes without saying that levels 1 and 2 are unlikely to demonstrate any form of protection or value for the organisation and its stakeholders. We can help you from Level 3 to Level 5.

Level 3 summary:
ICO Data Protection Assurance Checklist

  • Information Commissioner’s Office (ICO) – UK focus
  • A Self Assessment Toolkit
  • Helps to assess compliance with Data Protection Law
  • Clarifies next steps for the compliance journey

IDEAL FOR: Starting out your privacy management/data protection compliance journey in a recognised, structured and effective way.

Level 4:
BS 10012:2017+A1:2018

Data Protection – Specification for a personal information management system

  • British Standard, globally recognised
  • Follows ISO management system structure
  • Regulation-based standard (GDPR and DPA)
  • Stand alone, independent implementation
  • Can be aligned with, or certified to

IDEAL FOR: Implementing a regulation-based PIMS where there is no need for an Information Security Management System (ISMS), i.e. you don’t need, and have no intention of implementing, ISO 27001.

Level 5:
ISO/IEC 27701

Security techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines

  • International Standard, globally recognised
  • Information-security-based standard
  • Extension to ISO/IEC 27001, so it requires an ISMS based on ISO 27001
  • Regulation agnostic, suitable for all
  • Can be aligned with, or certified to

IDEAL FOR: Implementing an information-security-based PIMS if you have an Information Security Management System (ISMS) or are willing to get one.


A suite of unique privacy management tools

We’ve preconfigured various PIMS solutions to meet your needs, with simplification and ease of completion at their heart. As with all ISMS.online features, they are fit for use whether you are a newcomer, an improver or an expert, and the PIMS takes advantage of our tried and tested ISMS functionality.

In addition, you can also:

Record all your data processing activities

We make data mapping a simple task. It’s easy to record and review it all by adding your organisation’s details to our pre-configured, dynamic Records of Processing Activity tool.

A secure space for Subject Access Requests

You’ll need to show how well you manage Subject Access Requests. Our secure SAR space keeps it all in one place, supporting it with automated reporting and insight.

Powerful risk assessment and management tools

We’ve created a built-in risk bank and a range of other practical tools that’ll help with every part of the risk assessment and management process.

Simple privacy assessment templates

It’s easy to set up and run different kinds of privacy assessment, from data protection impact assessments to regulatory or compliance readiness ones.

Effective, responsive breach management

You’ll be ready when the worst happens. We make it easy to plan and communicate your breach workflow, and document and learn from each and every incident.

Plus a range of other specially-created tools

Our tried-and-tested people and progress management tools

Highly efficient project oversight and collaboration

Our workspace makes collaboration easy and simplifies progress monitoring, with a simple approval process and automated reviews built in as standard.

Optional supply chain management tools

We can help you show that you’re in control of your supply chain, covering everything from contracts and contacts to relationship and performance management and monitoring.

Help and support engaging your people

Your staff need to be right at the heart of your GDPR solution. Our optional comms and engagement tools can help you bring them on board and keep them compliant.
