In the UK, under the General Data Protection Regulation (GDPR), individuals have the right to a copy of the personal data that your organisation holds about them. This is referred to as 'subject access' and is frequently covered by a subject access request, or SAR. The ICO recently issued guidance on how SARs should be handled.
Applying ISO 27701:2019 helps organisations to demonstrate effective risk controls covering SARs and other requirements, via a tailored risk treatment plan relating to personal privacy. In the main, information security management systems based on ISO 27001:2022 for overall information security are supplemented, where required, by ISO 27701:2022 requirements.
Follow the ICO link for SAR compliance guidance.
Follow this link, ISO 27001 consultancy, for more on available support.