Expert Advice Community

Home / ISO 27001 & 22301 / Personal data

Guest

Personal data

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Apr 30, 2018 Last commented:   Apr 30, 2018

Personal data

ISO 27001 & 22301
During an ISO 9001 Internal audit, what information is considered as personal data?
0 0

Assign topic to the user

EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR & ISO 27001 INTEGRATED DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Expert
Rhand Leal Apr 30, 2018

Answer: Broadly speaking, any information that can identify or be related to an identifiable natural person must be considered personal data (e.g., name, address, email address, etc.).

Considering that, the most common information gathered during an internal audit that is personal data refers to employees and to their competence records. Depending upon the QMS scope, an auditor may have access to organization's clients personal data (e.g., when the organization's scope includes customer support services, or financial processes), so you should consider evaluating the scope statement to identify other types of personal data that auditor may be find.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 30, 2018

Apr 30, 2018

Suggested Topics
Guest user Created:   Sep 01, 2016 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 and personal data protection
Guest user Created:   Jan 13, 2016 ISO 27001 & 22301
Replies: 1
0 0

Controls to address personal data
Michael Teo Created:   Dec 21, 2022 ISO 27001 & 22301
Replies: 1
0 0

What are the laws and regulations to be included in the ISO 27001 Register of Requirements?