info@issbih.ba

ISO/IEC 27701:2019 Privacy Information Management System

ISO/IEC 27701:2019 is a standard for Privacy Information Management Systems
The goal of ISO/IEC 27701:2019 is to enhance the existing Information Security Management System (ISMS) with additional requirements to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS).

Compared to ISO/IEC 27001, this standard includes additional requirements for understanding the organization's context and planning, as well as additional guidelines for implementing controls from Annex A.
ISO/IEC 27701 provides a framework for managing privacy controls of personal data for both data controllers and processors in order to reduce the risk of compromising personal data.

The standard consists of:
1. Specific PIMS requirements related to ISO/IEC 27001.
2. Specific PIMS guidelines related to ISO/IEC 27002.
3. Additional ISO/IEC 27002 guidelines for data controllers.
4. Additional ISO/IEC 27002 guidelines for data processors.
5. Six annexes, two of which are normative and four are informative:
◦ Annex A (normative) PIMS-specific reference controls and objectives (data controllers).
◦ Annex B (normative) PIMS-specific reference controls and objectives (data processors).
◦ Annex C (informative) Mapping to ISO/IEC 29100.
◦ Annex D (informative) Mapping to the General Data Protection Regulation (GDPR).
◦ Annex E (informative) Mapping to ISO/IEC 27018 and ISO/IEC 29151.
◦ Annex F (informative) How to apply ISO/IEC 27701 to ISO/IEC 27001 and ISO/IEC 27002.

ISO/IEC 27701 is intended for certification as an extension to ISO/IEC 27001 certification. In other words, organizations seeking ISO/IEC 27701 certification must first be certified under the ISO 27001:2013 standard for information security.

ISO/IEC 27701 certification serves as evidence of compliance with the General Data Protection Regulation (GDPR) and other data protection laws.