D&B has had its privacy and information security management systems independently audited against ISO 27701 and ISO 27001 standards in applicable markets, providing third-party assurance of its data governance controls.
This analysis describes what Dun & Bradstreet's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
ISO 27701 certification is a recognized international benchmark for privacy information management, providing external validation that D&B's privacy controls meet a defined standard, though certification scope varies by market.
Interpretive note: Certification scope is market-specific and not universally applied across all D&B legal entities or geographies; the specific list is available only on a linked external page not reproduced in this document.
These certifications provide independent assurance that D&B's data management practices in certified markets meet internationally recognized privacy and security standards, which is relevant for business customers assessing D&B as a data supplier. The certification scope is market-specific and not universal across all D&B operations.
Cross-platform context
See how other platforms handle ISO 27701 and ISO 27001 Certification Commitment and similar clauses.
Compare across platforms →Monitoring
Dun & Bradstreet has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"Our program has been designed and audited for compliance with ISO 27701, Privacy Information Management Systems (PIMS). In markets in which we are certified as compliant with ISO 27001, Information Security Management Systems (ISMS), we also hold an ISO 27701 certification (PIMS). These certifications are designated on the global ISO certifications page, where applicable.— Excerpt from Dun & Bradstreet's D&B Privacy Policy
REGULATORY LANDSCAPE: ISO 27701 is recognized by regulators including the EU data protection authorities as a relevant standard for demonstrating GDPR compliance, and may be cited as evidence of appropriate technical and organizational measures under GDPR Article 32. ISO 27001 is a widely adopted information security management standard. Neither certification constitutes legal compliance under GDPR, CCPA, or other frameworks, but both are material to vendor risk assessments. GOVERNANCE EXPOSURE: Low. ISO certifications are standard practice for enterprise data processors and provide procurement teams with a recognized baseline assurance mechanism. The primary governance consideration is confirming which specific D&B legal entities and geographic markets hold the certifications, as the document indicates they apply only where designated. JURISDICTION FLAGS: Certification scope is market-specific, meaning organizations in markets where D&B does not hold ISO 27701 certification cannot rely on this assurance. The D&B global ISO certifications page is referenced for market-specific designations, which should be verified during vendor due diligence. CONTRACT AND VENDOR IMPLICATIONS: Procurement and vendor management teams should request copies of current ISO 27701 and ISO 27001 certificates as part of third-party risk assessments. Certificates should be verified for scope, validity period, and the specific legal entities covered. Standard vendor risk questionnaires should confirm whether the D&B entity that is the contractual counterparty holds the relevant certifications. COMPLIANCE CONSIDERATIONS: Organizations relying on D&B's ISO certifications to satisfy their own GDPR Article 28 due diligence obligations should supplement certification review with contractual data processing agreements that address the specific processing activities in scope. Annual re-certification audits are standard under ISO; compliance teams should confirm certification currency before contract renewal.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
ISO 27701 certification is a recognized international benchmark for privacy information management, providing external validation that D&B's privacy controls meet a defined standard, though certification scope varies by market.
These certifications provide independent assurance that D&B's data management practices in certified markets meet internationally recognized privacy and security standards, which is relevant for business customers assessing D&B as a data supplier. The certification scope is market-specific and not universal across all D&B operations.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Dun & Bradstreet.