Many information security professionals are familiar with ISO/IEC 27001, the standard for an Information Security Management System (ISMS). Since last year (2019) there is also a standard for a Privacy Information Management System (PIMS): ISO/IEC 27701:2019. This standard is an extension of ISO/IEC 27001 and has an Annex (D) which maps the provisions of this standard to the GDPR. During this Square Table Markus Gierschmann will explain the status and background of ISO/IEC 27701, its role in the ISO/IEC 27000 series, its relation to the GDPR, the significance of implementing this standard, the (future) possibilities to audit (conformity assessment) and to certify against this standard, and the possible meaning of all this for “the purpose of demonstrating compliance” with the GDPR “of processing operations by controllers and processors” (article 42 GDPR, Certification).
Speaker: Markus Gierschmann
Markus Gierschmann is the owner and founder of Gierschmann Consulting, a consulting firm that focuses on Data Protection Management, Data Protection Management Systems, and Data Protection Compliance. Prior to founding his own firm in 2012, Markus was a management consultant and partner in international consultancy firms such as PricewaterhouseCoopers Management Consultancy, IBM Business Consulting, and Lodestone Management Consultants (now Infosys).
Markus advises international clients in their global compliance efforts. In his projects he works closely with legal experts and IT security to ensure a holistic approach to data protection. This is also showcased in a book he published with the former president and vice president of the Bavarian supervisory authority on Data Protection Compliance according to the GDPR (Kranig/Sachs/Gierschmann: Datenschutz-Compliance nach der DS-GVO, Reguvis-Verlag). As a DIN expert, Markus is involved in the development of standards at the European (CEN/CENELEC) and international (ISO) level, e.g. ISO/IEC 27701. He is co-editor of ISO/IEC 27557.
Markus is a regular speaker at national and international events on topics from his daily practice, particularly on data protection compliance and data protection management systems. Markus holds a Master in Industrial Engineering and Management from the Technical University of Hamburg. He is qualified as a Financial Economist (European Business School) and has the following data protection specific qualifications: CIPP/E, CIPM (IAPP), certified DPA (TÜV), and certified DPO (udis, TÜV).