Understanding Clause 8.3: Obligations to PII Principals in ISO 27701
ISO 27701 clause 8.3 governs how organisations are obliged to provide information to PII principals about how their PII is being processed, and to meet a range of legal, contractual and regulatory requirements in doing so.
ISO 27701 Clause 8.3.1 – Obligations to PII principals
Purpose of Clause 8.3.1
Organisations need to ensure that customers are are given adequate means to fulfil their (the organisation’s) obligations as a PII controller.
Guidance on Clause 8.3.1
Controllers’ obligations are governed by three factors:
- Legislation.
- Regulation.
- Contracts.
Contracts should include any information or technical operations that allow the organisation to fulfil its obligations as a controller.
ISO 27001 made easy
An 81% Headstart from day one
We’ve done the hard work for you, giving you an 81% Headstart from the moment you log on. All you have to do is fill in the blanks.
Supporting GDPR Articles
Various elements of ISO 27701 Clause 8.3 are applicable within UK GDPR legislation. Take a look at the below table for the corresponding references.
| ISO 27701 Clause Identifier | ISO 27701 Clause Name | Associated GDPR Articles |
|---|---|---|
| 8.3.1 | Obligations to PII Principals | Articles (15), (17), (28) |
How ISMS.online Helps
The ISMS.online platform offers integrated assistance at every stage, and our ‘Adopt, Adapt, Add’ implementation approach to ISO 27701, to make the process much easier. You will also benefit from a variety of time-saving features.
We make data mapping a simple task. It’s easy to record and review it all, adding your organisation’s details to our pre-configured dynamic Records of Processing Activity tool.
You’ll be ready when the worst happens. We make it easy to plan and communicate your breach workflow, and document and learn from each and every incident.
Find out more by booking a demo.
