The House of Data Imperiali bulletins are extracts from the articles of the Legal Information Service (SIG) edited by Mr. Rosario Imperiali d’Afflitto.

The SIG is available by subscription only.

For further information, please email:

ISO 31700 Privacy by design

The International Organization for Standardization (ISO) has announced that it will adopt “Privacy by design”-or data protection by design-as the ISO 31700 standard on February 7, 2023.

Compliance assessment

Initially, ISO 31700 will not be a standard that can be used to certify compliance with the requirements of this principle, as it will merely contain guidelines on the matter.

Compliance assessment is the demonstration that specific requirements are met. A requirement is defined as an ‘expression, in the content of a document, that conveys objectively verifiable criteria to be met and from which no deviation is permitted if conformity with the document is to be claimed.’ ISO international standards that do not contain requirements (i.e., do not contain the verbal expression ‘shall’) are not intended to be used for conformity assessment. ISO international standards are voluntary; they do not replace national laws to which users are considered to be in compliance which prevail.

Regarding certifications under the GDPR and their legal value see below.

GDPR certifications as an accountability tool