PII
Skill packages tagged with “PII”
ISO 27701 Controller Controls (Annex A)
Implement and document ISO 27701 Clause 7 and Annex A controls specific to PII controllers. Covers conditions for collection/processing, obligations to PII principals, privacy by design/default, and PII sharing/transfer/disclosure with implementation status, evidence, and justification for exclusions.
ISO 27701 DPIA Program
Establish a Data Protection Impact Assessment (DPIA) program aligned to ISO 27701 Clause 7.2.5 and GDPR Article 35. Create DPIA methodology with WP29/EDPB screening criteria, screen processing activities for high-risk triggers, conduct individual DPIAs, and track risk mitigation with residual risk assessment.
ISO 27701 PII Processing Inventory
Build the PII processing inventory (Record of Processing Activities / ROPA) and data flow map for ISO 27701. Catalogs every processing activity with purpose, legal basis, data categories, PII principals, recipients, retention periods, and cross-border transfers. Produces a data flow map showing PII flows between systems, parties, and jurisdictions.
ISO 27701 PIMS Extension Author
Guided elaboration of PIMS documentation as an extension to ISMS: PII processing inventory, privacy objectives, processing purposes and legal basis, controller/processor annex controls, and privacy policy drafting aligned to Clause 6 controller obligations.
ISO 27701 Privacy Risk Assessment
Conduct a privacy-specific risk assessment focusing on risks to PII principals per ISO 27701 Clause 5.4 (2019) / Clause 6.6 (2025). Defines all 8 individual-focused privacy impact criteria (physical harm, financial loss, discrimination, reputational damage, emotional distress, loss of autonomy, identity theft, social disadvantage — not organizational CIA-triad categories), identifies privacy threats per processing activity and PII principal category, scores risks on a 5x5 privacy impact matrix, assesses DPIA triggers per GDPR Art. 35 / EDPB WP248 rev.01, and plans treatment using privacy-specific options (minimize, pseudonymize, anonymize, consent, purpose limitation, encryption, deletion).
ISO 27701 Processor Controls (Annex B)
Implement and document ISO 27701 Clause 8 and Annex B controls specific to PII processors. Covers conditions for processing, obligations to PII principals, privacy by design/default, sub-processor management, and PII sharing/transfer/disclosure with implementation status, evidence, and justification for exclusions.
Privacy & PII Protection Program
Build a comprehensive privacy program aligned with ISO 27001:2022 A.5.34 and major privacy regulations (GDPR, LGPD, CCPA). Produces five core privacy documents: external-facing privacy policy, Record of Processing Activities (ROPA), Data Protection Impact Assessment (DPIA) template, data subject rights procedure, and data breach notification procedure with jurisdiction-specific regulatory timelines.