ISO/IEC 27701 — Privacy Information Management System (PIMS)

Extend an existing ISO/IEC 27001 ISMS with privacy-specific controls aligned with GDPR and KVKK. Auditable evidence of accountability under data protection law.

What ISO/IEC 27701 Provides

ISO/IEC 27701 is the international standard extending ISO/IEC 27001 and 27002 with privacy-specific requirements. It defines two distinct sets of controls: one for organisations acting as personal data controllers, the other for those acting as processors. Certification provides demonstrable, auditor-tested evidence of the accountability principle required by GDPR Article 24 and KVKK Article 12.

Engagement Scope

  • Privacy maturity assessment against ISO/IEC 27701, GDPR, and KVKK requirements
  • PIMS scope and role determination (controller, processor, joint controller)
  • Record of Processing Activities (RoPA) — Article 30 GDPR / KVKK VERBIS
  • Data Protection Impact Assessment (DPIA) framework and templates
  • Lawful basis and consent management
  • Data subject rights handling procedures (access, rectification, erasure, portability)
  • Cross-border transfer mechanisms — Standard Contractual Clauses, adequacy, derogations
  • Controller–processor agreements (Article 28)
  • Breach notification procedures aligned with the 72-hour GDPR obligation
  • Internal audit and certification body liaison

Integration with KVKK and GDPR Programmes

ISO/IEC 27701 certification is not a substitute for KVKK or GDPR compliance, but it provides a structured framework that significantly accelerates both. We deliver integrated programmes that produce a single set of artefacts demonstrating compliance with the regulation and conformance with the standard.
