TLScontact recently received confirmation of the award of its new global ISO 27701 Privacy Information Management Standard certification. Introduced in 2019, ISO 27701 has become the industry-leading standard in data privacy. As the first company in the visa services sector to achieve this prestigious international certification, we are today taking a step further in demonstrating our implementation of ‘privacy by design’ in all our business processes, essential to the secure processing of visa applications that we carry out on behalf of our government clients around the world.
TLScontact recently received official notification that it had obtained the ISO 27701 data privacy standard, following a series of independent external audits of its data privacy policies and processes. As part of the Teleperformance (TP) group, we had already implemented a wide range of personal data protection controls, in line with the Teleperformance international Privacy Programme. Achieving the ISO 27701 certification was the next step in this process, confirming our adherence to the highest international requirements in data privacy.
ISO 27701, the new international reference with regard to data privacy
The new ISO 27701 standard was published in August 2019. Building on the ISO 27001 Information Security Management Standard, it sets out additional requirements to establish, maintain and continually improve a Privacy Information Management System (PIMS), to ensure the secure processing of personal data.
New measures to protect data privacy
During a year-long project with the TP Privacy Office, we carried out the following actions:
- A complete review and update of all our existing policies, to bring them in line with the most stringent requirements in terms of data privacy.
- The introduction of a Data Privacy Impact Assessment (DPIA) for all new projects and business changes.
- The creation of a central data record, detailing all our data processing activities, as both Data Processor, on behalf of our government clients, and Data Controller.
- The establishment of working processes to manage data privacy matters with our clients’ data protection offices
- The implementation of new processes to manage data protection when working with third parties.
- The introduction of regular privacy training for all TLScontact employees.
These measures are all essential to ensuring the implementation of ‘privacy by design and by default’ across our organisation and business activities. They have been accompanied by extensive work with our Technology teams to design and implement the relevant system architecture to ensure the safe storage and transfer of personal data, as part of our day-to-day visa processing activities and respecting the latest national and international data privacy standards and regulations.
An important new milestone in secure data processing
According to Greg Lane, Director Compliance & Continuous Improvement at TLScontact:
“We are delighted to have obtained this new certification, which confirms that the processes and systems we have put in place meet the highest international data privacy standards. This was a critical step for our company, as a service provider working with governments to process confidential applicant data. This ISO 27701 certification demonstrates once more to our government clients and to the customers who use our services that we can be trusted to process personal data in a safe, secure manner.”