In my professional networking, I still encounter many colleagues in the field with crucial questions or uncertain concepts about privacy management in their organizations. Obviously, this largely depends on the business, but everyone agrees on one point: personal data is one of the most valuable assets we manage. Currently, all stakeholders expect more than promises – they demand proof of accountability.
In July of this year, the European organization ISO (International Organization for Standardization), in partnership with the IEC (International Electrotechnical Commission), launched a revised version of ISO/IEC 27701 as a response offering a globally approved and endorsed security framework. With the objectives of supporting companies in proactively managing and reducing risks and ensuring excellence by continuously improving privacy practices, ISO surprised many by releasing a standalone version of the management system standard.

Legal and operational security
The Brazilian Association of Technical Standards (ABNT) is working on the translation and adaptation process of the international standard, with possible publication in the first half of 2026 and the important task of carrying out the fit with our General Law on the Protection of Personal Data (LGPD), given that the European standard is based, among other ISO standards, on the GDPR (General Data Protection Regulation).
Regardless of whether the purpose is certification or not, given the voluntary nature of standards, using ISO 27701 as a framework for compliance with data protection legislation proves to be a sound and reliable option.
As a standard that guides companies in implementing, maintaining, and improving their personal data management system, the new version of ISO 27701 should be seen as a reference, a guide in meeting legal requirements, generating objective evidence of personal data processing. Such evidence represents legal and operational security for establishing reliable relationships with suppliers and customers.
Evolution in management
Applicable to organizations of any size and economic sector, including public and private companies, adopting ISO 27701 as a guideline for compliance and confidentiality can represent a reliable and secure path, especially in this new version that offers a more focused look at the complete lifecycle of personal data, the processing of data with Artificial Intelligence (AI), and compliance with international standards and legislation. The latter, for example, supports the organization in operationalizing international data transfers.
Finally, expectations regarding the Brazilianization of ISO/IEC 27701 are high and justified by the evolution that its application can represent for company management. However, adoption by controllers and operators of personally identifiable information (PII) can already begin, since, as the European standard itself states, "the protection of privacy in the context of the processing of personally identifiable information (PII) is a social need, as well as a subject of specific legal requirements worldwide."