ISO27701 Toolkit V2 is Released (for the 2025 standard)

Posted on January 22nd, 2026 | Written by Ken Holmes.

After a long wait, a new version of the ISO/IEC 27701 privacy standard was published by ISO in October 2025. This version gives ISO27701 its own management system rather than being an add-on to the ISO27001 information security standard, and allows an organisation to become certified to ISO27701 directly, without needing to have ISO27001 certification first.

Since its publication we here at CertiKit have been beavering away at an update to our popular ISO27701 Toolkit and today we are delighted to announce that this is released. Existing ISO27701 Toolkit customers will get this update free of charge via our lifetime update guarantee and can log on to their CertiKit account to download it.

We felt it was time to merge our existing EU GDPR and UK Data Protection toolkits into the ISO27701 Toolkit so these existing customers will also get this update free of charge.

Please note that, because of the significant increase in the size of this toolkit, we will soon be increasing the price to align it with our comprehensive ISO27001 toolkit.

What’s in the update?

Because the ISO27701 standard has been expanded to have its own management system, this toolkit update is a big one, with over one hundred new documents. The full range of management system-related documentation has been added, along with a set of information security controls now required in Annex A of the new standard.

We have also taken the opportunity to update the legislative information in the toolkit, particularly with regard to the UK Data (Use and Access) Act 2025, which amended some of the UK requirements in the UK GDPR and Data Protection Act 2018. The list of worldwide privacy legislation has been updated and some of the source legal documents in various countries have been included for reference.

The list of EU Adequacy Decisions has been updated, including the latest one in favour of the UK which landed in December 2025.

The impact assessment criteria used in the privacy risk assessments have been aligned with the recommendations in the ISO/IEC 27557 standard (a good read at 135 Swiss Francs if you’re serious about ISO27701 certification). By the way, while you’re on the ISO website you should also get a copy of the ISO/IEC 29100 Privacy Framework standard – it’s FREE!

EU GDPR and UK Data Protection Toolkit Customers

If your focus is on just the EU GDPR or just privacy in the UK, you will still find everything you need in the updated toolkit. Whereas our previous products took an article-by-article approach to compliance, we now strongly recommend that you put in place a Privacy Information Management System (PIMS) to manage your compliance efforts, whether or not you have any interest in certification to ISO27701. However, we have still included mappings to the EU and UK GDPRs if you really need to focus on those articles.

Our EU GDPR and UK Data Protection toolkits are now being withdrawn from our website and our recommendation going forward is to embrace ISO27701 for your privacy needs.

Final Comments

This is a big change to the ISO27701 standard and it needed to be, as the international privacy legislation landscape is changing fast. For example, nineteen out of fifty US states now have local laws, with a Federal one still not looking likely in the near term. If you sell your products and services internationally then you’re going to need a robust PIMS to keep your organisation compliant and we believe our updated ISO27701 Toolkit is a good choice for putting one in place quickly and effectively.

Written by

Ken Holmes

Managing Director

CertiKit’s Managing Director and Lead Toolkit Creator. Ken is a CISSP-qualified security and data protection specialist who also holds the internationally-recognised Certified Information Privacy Professional – Europe (CIPP/E).
