British Standards Institution

Source:: CEN
Committee:: IST/33 - Information security, cybersecurity and privacy protection
Categories:: Information management | Standardization. General rules
Comment period start date:: 06/08/2025
Comment period end date:: 20/09/2025

Comment by:

20th Sep

Scope

This document gives guidelines for:

— a process on privacy impact assessments, and

— a structure and content of a PIA report.

It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations.

This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII

Purpose

Current EN ISO/IEC 29134: 2020 is based on ISO/IEC 29134: 2017. However, ISO published a new version of ISO/IEC 29134 in May 2023. ISO/IEC 29134: 2023 replaces and withdraws ISO/IEC 29134: 2017 but EN ISO/IEC 29134: 2020 is still valid. It is necessary to implement ISO/IEC 29134: 2023 into European Standard and to withdraw EN ISO/IEC 29134: 2020.

Comment on proposal

Required form fields are indicated by an asterisk (*) character.

How important do you think standardization is in this area? *

Do you agree that a standard on this subject is feasible?: *

Please give reasons for your selections above: *

Would you or your organization use the standard? *

Would you or your organization be prepared to participate in the development of the standard or to comment on the draft when it is available? *

Are you aware of any regulation, existing standards and other good practice information in this area in the UK (e.g. Industry codes of practice; company specifications, international or European Standards)? *

Would the development of a standard(s) in this area have a particular impact/relevance to SME, consumer, environmental or societal interests? *

Are you aware of any other organizations to which this proposal may be relevant? If so please provide details below. *

Additional comments on the scope or proposal:

Although BSI will not usually enter into correspondence regarding individual comments or suggestions we may wish to contact you to seek further clarification. Please indicate whether this will be acceptable: *

Discard

Please email further comments to: debbie.stead@bsigroup.com

Standard timeline

1. Proposal

Proposal start date:

06/08/2025

Proposal end date:

20/09/2025

2. Draft

3. Public Comments

4. Comment Resolution

5. Approval

6. Publication

Learn more about the standards development process

Standards Development

New Work Item Proposal for adoption of ISO/IEC 29134:2023 Guidelines for privacy impact assessment

Scope

Purpose

Comment on proposal

Discard changes?

Submit comment

Submit comment

Follow standard

Unfollow standard

Error