Data Privacy, Gdpr, Dpdpa, Pims And Iso/iec 27001

Data Privacy and Personal Data Protection has become a critical business requirement of global organizations which inevitably end up collecting and processing personal data of individuals in various business and operational contexts.

Various countries, states (such as US states) or regions (such as EU) have established or is in the process of establishing strong acts and regulations for the protection of personal data and the rights and interests of the individuals. European Union’s (EU) GDPR, United Kingdom’s DPA, California’s CCPA/CPRA, Canada’s PIPEDA, India’s DPDPA etc are prominent examples of the same.

Businesses and organizations that deal with personal data are obliged to comply with the applicable statutes and regulations. This requires the organization to establish and govern a strong Personal Information Management System (PIMS).

ISO/IEC 27701 is the international standard for Privacy / Personal Data Protection Management. It is one of the most sought-after certification scheme for global organizations as part of their risk management and assurance framework. This standard currently in its 2022 edition, lays down the specifications that need to be adopted by an organization in order to demonstrate its ability to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented Information Security Management System (ISMS) that will ensure effective and efficient protection of its information assets.

Wings2i partners with our clients as the knowledge partner to provide the end-to- end enablement, support and facilitation towards establishing a strong and effective PIMS in alignment with the applicable statutes and regulation, the ISO standard where needed and achieving the certification and/or compliance.

We provide the necessary services including:

• Subject matter expertise and guidance
• Baseline assessment and roadmap towards compliance / certification
• End-to-end guidance, advisory services and facilitation
• Professional Services towards:
• Organization and Personal information context establishment
• Data Protection Impact and Risk assessment and treatment,
• Documentation of ROPA, Policies, DPIA, DPA etc.
• Control and practices implementation,
• Training and awareness
• Internal audits and/or compliance verification
• Assistance towards closure of audit findings
• Management reviews
• Preparation of Certification
• Facilitation and support during certification.