BSI announces standalone digital privacy standard

Updated guidance for privacy information management systems (PIMS) has been published by BSI, with the goal of making the meeting of stringent requirements more accessible and practical, and of better addressing increasingly complex privacy considerations.

The updated approach aims to address today’s complex privacy challenges and increasingly diverse regulatory requirements, including maintained mappings to the EU GDPR, as well as growing public demand for stronger data protection, by offering organisations in industries including technology, healthcare, finance, retail, and the public sector a dedicated and certifiable privacy standard.

BSI said the newly revised international standard for PIMS, information security, cybersecurity and privacy protection marks a major milestone in the evolution of privacy standards. Crucially, it is no longer an extension of Information Security Management Systems (ISO/IEC 27001) and its controls (ISO/IEC 27002) but is now standalone guidance, broadening its relevance. Certification to it will no longer require ISO/IEC 27001, making it relevant beyond traditional IT and security teams to include legal, compliance, and privacy professionals, and potentially reducing costs of compliance.

David Cuckow, director of digital at BSI, said: “Every day, concerns around privacy and protecting data grow, against a backdrop of rapid digital transformation, cloud adoption, and AI integration. This updated standard offers organisations a streamlined and effective approach to privacy management, simplifying compliance with key regulations like GDPR and CCPA. The standalone certification option also has the potential to reduce both the cost and complexity traditionally associated with privacy certification.

“This updated standard aims to strengthen governance and accountability by clarifying roles and responsibilities, helping organisations not only meet legal requirements but also build a competitive advantage and enhance their reputation in today’s privacy-conscious marketplace.”


