Since 2016, within a relatively short period, Data Protection legislation has been passed in both the UK and the EU, shaping the requirements necessary to ensure the privacy of personal data which is taken by organisations. Both the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA) are now applicable to all organisations, regardless of sector, in the United Kingdom. The relative speed at which this legislation has been established has left some organisations unable to adequately respond, and well-publicised breaches have occurred.

Despite the well-signposted roll-out of both pieces of legislation, neither regulation provides specific guidance on what measures should be taken to ensure compliance with their requirements. Further, existing standards do not have, in most cases, a robust enough set of clauses or controls to ensure data privacy is addressed in full through implementation of management systems.

The International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) have developed a new standard to provide the necessary guidance for businesses to effectively address data privacy and ensure the gap between existing management systems requirements and privacy data legislation is effectively bridged.