prBAS EN ISO/IEC 27555:2026

This document contains guidelines for developing and establishing policies and procedures for deletion of personally identifiable information (PII) in organizations by specifying: —    a harmonized terminology for PII deletion; —    an approach for defining deletion rules in an efficient way; —    a description of required documentation; —    a broad definition of roles, responsibilities and processes. This document is intended to be used by organizations where PII is stored or processed. This document does not address: —    specific legal provision, as given by national law or specified in contracts; —    specific deletion rules for particular clusters of PII that are defined by PII controllers for processing PII; —    deletion mechanisms; —    reliability, security and suitability of deletion mechanisms; —    specific techniques for de-identification of data.