Information security, cybersecurity and privacy protection - Guidelines on personally identifiable information deletion (ISO/IEC 27555:2021)

The standard contains guidelines for developing and establishing policies and procedures for deletion
of PII in organizations by specifying:
—   a harmonized terminology for PII deletion;
—   an approach for defining deletion rules in an efficient way;
—   a description of required documentation; and
—   a broad definition of roles, responsibilities and processes.
This document is intended to be used by organizations where PII are stored or processed.
This document does not address:
—   specific legal provisions, as given by national law or specified in contracts;
—   specific deletion rules for particular clusters of PII, as are to be defined by PII controllers for processing PII;
—   deletion mechanisms;
—   reliability, security and suitability of deletion mechanisms;
—   specific techniques for de-identification of data.

Title in German, French and Slovenian (translated): Information security, cybersecurity and privacy protection - Guidelines on the deletion of personally identifiable information (ISO/IEC 27555:2021); the Slovenian title renders PII as "personal data" (osebni podatki).

General Information

Status
Not Published
Public Enquiry End Date
02-Feb-2025
Current Stage
4020 - Public enquiry (PE) (Adopted Project)
Start Date
09-Dec-2024
Due Date
28-Apr-2025

Buy Standard

Draft
prEN ISO/IEC 27555:2025
English language
31 pages

Standards Content (Sample)


SLOVENIAN STANDARD
1 January 2025
Information security, cybersecurity and privacy protection - Guidelines on personally
identifiable information deletion (ISO/IEC 27555:2021)
This Slovenian standard is identical to: prEN ISO/IEC 27555
ICS:
35.030 IT Security
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.

INTERNATIONAL ISO/IEC
STANDARD 27555
First edition
2021-10
Information security, cybersecurity
and privacy protection — Guidelines
on personally identifiable information
deletion
Sécurité de l’information, cybersécurité et protection de la
vie privée — Lignes directrices relatives à la suppression des
informations personnellement identifiables
Reference number
ISO/IEC 27555:2021(E)
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Framework for deletion
5.1 General
5.2 Constraints
5.3 Clusters of PII
5.4 Retention period and regular deletion period
5.4.1 Retention period
5.4.2 Regular deletion period
5.4.3 Allocation of clusters of PII
5.5 Archives and backup copies
5.6 Standard deletion periods, starting points, deletion rules and deletion classes
5.7 Special situations
5.8 Documentation of policies and procedures
6 Clusters of PII
6.1 General
6.2 Identification
6.3 Documentation
7 Specification of deletion periods
7.1 Standard and regular deletion periods
7.2 Regular deletion period specifications
7.3 Standard deletion period identification
7.4 Deletion period specifications for special situations
7.4.1 General
7.4.2 Modification of data objects
7.4.3 Need to extend period of active use
7.4.4 Suspension of the deletion
7.4.5 Backup copies
8 Deletion classes
8.1 Abstract starting points — abstract deletion rules
8.2 Matrix of deletion classes
8.3 Allocation of deletion classes and definition of deletion rules
9 Requirements for implementation
9.1 General
9.2 Conditions for starting points outside IT systems
9.3 Requirements for implementation for organization-wide aspects
9.3.1 General
9.3.2 Backup
9.3.3 Logs
9.3.4 Transmission systems
9.3.5 Repair, dismantling and disposal of systems and components
9.3.6 Everyday business life
9.4 Requirements for implementation for individual IT systems
9.5 Deletion in regular manual processes
9.6 Requirements for implementation for PII processor
9.7 Control deletion in special cases
9.7.1 Exception management
9.7.2 Further sets of PII
10 Responsibilities
10.1 General
10.2 Documentation
10.3 Implementation
Bibliography

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance
are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria
needed for the different types of document should be noted. This document was drafted in
accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC
list of patent declarations received (see patents.iec.ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of t
...
