ISO 29100 - Privacy Framework

    Standards and Frameworks

    ISO 29100 - Privacy Framework

    ISO/IEC 29100:2011 - Privacy Framework

    ISO 29100 provides a framework for organizations to supplement their existing security program to incorporate privacy principles and controls.

    Last Updated: July 30, 2019

  • General

    This standard provides guidelines for placing adequate security controls in all relevant stages of product development. An organization can place the security controls by developing the following:

    • A common privacy terminology;
    • Defining the actors and their roles in processing PII;
      • ISO 29100 provides the nature of relationships that may arise between a controller, processor, third party and data subjects. Under this standard, a third party is considered a new controller;
    • Describing privacy safeguarding considerations;
      • this standard provides personal attributes in various contexts that, as combination or stand-alone, may be considered PII. An organization is required to provide information to data subjects on being potentially identified through those attributes. The data subjects must also be provided with mechanism to limit processing of the attributes; and
    • Providing references to known privacy principles for information technology
      • there is a list of eleven privacy principles that an organization is required to implement in order achieve this standard. The list goes well beyond the OECD privacy principles. 


Want to learn more? Login to the full DataGuidance platform.

About OneTrust

OneTrust is the #1 most widely used privacy, security and third-party risk technology platform trusted by more than 3,000 companies to comply with the CCPA, GDPR, ISO27001 and hundreds of the world’s privacy and security laws. OneTrust's three primary offerings include OneTrust Privacy Management Software, OneTrust PreferenceChoice™ consent and preference management software, and OneTrust Vendorpedia™ third-party risk management software and vendor risk exchange. To learn more, visit or connect on LinkedIn, Twitter and Facebook.