Privacy Compliance. Standalone. Or Integrated.
Complify PIMS is built on ISO 27701:2025 — the first edition of the standard that can be implemented and certified independently, without ISO 27001 as a prerequisite. Whether you need a standalone privacy certification or want to integrate PIMS with an existing ISMS, Complify supports both paths.
ISO 27701:2025. Privacy, standalone.
ISO 27701:2025, released in October 2025, is a landmark revision. For the first time, organizations can implement and certify a Privacy Information Management System independently — without ISO 27001 as a prerequisite.
For organizations already holding ISO 27001, integration remains seamless — shared controls, combined audits, and a single platform for both programs.
Everything your PIMS needs. Unified.
Complify PIMS operationalizes every ISO 27701 requirement — from PII processing inventories and privacy risk assessments to data subject rights workflows and cross-border transfer management.
Document all PII processing activities with structured templates aligned to Annex A requirements. Capture data categories, retention periods, and legal basis in a searchable register.
Run ISO 27701-aligned privacy risk assessments integrated with your existing risk register. Identify and treat privacy risks across your entire processing landscape.
End-to-end DSAR workflow management with automated deadline tracking. Handle access, erasure, portability, and objection requests within statutory timeframes.
Document consent mechanisms, track revocations, and maintain evidence of valid consent across all processing activities requiring it as legal basis.
Map all international data transfers, document applicable transfer mechanisms (SCCs, BCRs, adequacy decisions), and maintain a compliant transfer register.
Generate a Privacy SoA aligned to ISO 27701 Annex A, B, and C — with justification for inclusions and exclusions, integrated with your ISO 27001 SoA if applicable.
Full coverage across all three Annexes.
Complify PIMS provides built-in workflows, templates, and evidence automation for controls across Annexes A, B, and C of ISO 27701.
Document and maintain the legal basis for every PII processing activity in a structured register. (Controller)
Determine when and how consent is required, and manage consent lifecycle across all processing. (Controller)
Generate and maintain privacy notices aligned to ISO 27701 and GDPR transparency requirements. (Controller)
Document and manage DPAs with sub-processors, including due diligence and audit rights. (Processor)
Automated workflows for all data subject request types with statutory deadline tracking. (Controller)
Maintain complete RoPA aligned to GDPR Article 30 and ISO 27701 Annex A requirements. (Both)
Document and enforce data minimisation principles across all processing activities. (Controller)
Full register of sub-processors with change notification workflows and approval processes. (Processor)
ISO 27701 certification built on your ISMS.
If you already have ISO 27001 certification or are pursuing it with Complify ISMS, adding ISO 27701 is significantly faster — the foundations are already in place.
Define your path: standalone PIMS or integrated with an existing ISMS. Complify sets up the appropriate project structure, maps your PII processing landscape, and identifies interested parties.
Build your PII processing inventory, identify privacy risks across your processing landscape, and produce a privacy risk treatment plan with ownership assignments and target dates.
Implement privacy controls across all three Annexes. Complify tracks evidence, manages consent workflows, and automates DSAR handling — with a full audit trail for every action.
Complete your Statement of Applicability, run an internal privacy audit, and prepare your documentation package for the external certification body.
Grant your certification body structured access via the Complify auditor portal. Manage non-conformities, achieve ISO 27701 certification, then maintain continuous compliance.
Privacy is stronger when connected.
ISO 27701:2025 is now a standalone standard — but for organizations managing both security and privacy, integration with Complify ISMS and GDPR remains the most efficient path.
The most efficient path — ISMS + PIMS. ISO 27701:2025 no longer requires ISO 27001 — but organizations running both benefit from shared controls and a single audit package.
ISO 27701 Annex D maps directly to GDPR articles. Complify PIMS and Complify GDPR share the same processing records, DSAR workflows, and breach notification tooling.
Privacy criteria (P series) in SOC 2 map to ISO 27701 controls. Complify automatically surfaces these overlaps — reducing total audit effort across both frameworks.
See Complify PIMS in action.
Our specialists will walk you through a tailored demo — showing how Complify PIMS extends your existing ISMS and maps directly to your GDPR obligations.