
Personal data management, new UNI standards

UNI CEI EN ISO/IEC 27701:2025, UNI CEI EN ISO/IEC 27706:2025, UNI CEI EN ISO/IEC 27555:2025

In a context where data, digital identities, and information processes are at the heart of every activity, having authoritative technical references becomes a necessity.

Three new fundamental standards for privacy, the erasure of personal data, and the certification of privacy management systems have now been adopted at the Italian level, thus becoming part of the UNI CEI ISO/IEC 27000 series and helping to enrich the range of clear, verifiable, and recognized tools for organizations to use to manage personal data responsibly, securely, and compliantly.

UNI CEI EN ISO/IEC 27701:2025

UNI CEI EN ISO/IEC 27701 is an extension of UNI CEI ISO/IEC 27001 and UNI CEI ISO/IEC 27002 that adds specific requirements and guidelines for the management of personal information (PII).

The standard defines additional controls and specific requirements to support controllers and processors in the context of a Privacy Information Management System (PIMS) integrated within an ISMS.

The standard is intended for organizations that act as PII controllers and PII processors and that need to integrate privacy aspects into their information security management system.

To further explore the contents of this standard, the UNITRAIN Training Center has organized a specific course entitled "Personal data protection (privacy): understanding and applying the new ISO/IEC 27701:2025, the only international and certifiable standard." Two dates are currently available: December 2, 2025, and February 5, 2026. Sign up now!

UNI CEI EN ISO/IEC 27706:2025

The UNI CEI EN ISO/IEC 27706 standard specifies the requirements for bodies conducting audits and certification of information privacy management systems (PIMS) based on UNI CEI ISO/IEC 27701.
The standard integrates the requirements already foreseen for management system audits by applying them to the specific context of information privacy.
It therefore establishes the requirements that allow for structured and consistent assessments of PIMS systems, in continuity with the provisions of the aforementioned UNI CEI ISO/IEC 27701.

The document is specifically addressed to audit and certification bodies that evaluate PIMS, enabling them to apply consistent criteria based on international standards.

UNI CEI EN ISO/IEC 27555:2025

The UNI CEI EN ISO/IEC 27555 standard defines more controls on the deletion of personal data.

Specifically, it provides guidelines for the deletion of personally identifiable information (PII).

It then defines shared terminology, describes required roles and documentation, provides guidance for defining deletion rules, and describes the processes that must support the deletion of PII.

It is therefore aimed at all organizations that handle PII and that need to structure policies and processes for its deletion, offering a framework for consistently defining and documenting the rules and processes related to the deletion of PII, contributing to clearer and more controlled management of this phase. (Source: https://www.uni.com/)
