D&B has had its privacy and information security management systems independently audited against ISO 27701 and ISO 27001 standards in applicable markets, providing third-party assurance of its data governance controls.
This analysis describes what Dun & Bradstreet's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
ISO 27701 certification is a recognized international benchmark for privacy information management, providing external validation that D&B's privacy controls meet a defined standard, though certification scope varies by market.
Interpretive note: Certification scope is market-specific and not universally applied across all D&B legal entities or geographies; the specific list is available only on a linked external page not reproduced in this document.
These certifications provide independent assurance that D&B's data management practices in certified markets meet internationally recognized privacy and security standards, which is relevant for business customers assessing D&B as a data supplier. The certification scope is market-specific and not universal across all D&B operations.
How other platforms handle this
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
Monitoring
Dun & Bradstreet has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"Our program has been designed and audited for compliance with ISO 27701, Privacy Information Management Systems (PIMS). In markets in which we are certified as compliant with ISO 27001, Information Security Management Systems (ISMS), we also hold an ISO 27701 certification (PIMS). These certifications are designated on the global ISO certifications page, where applicable.— Excerpt from Dun & Bradstreet's D&B Privacy Policy
REGULATORY LANDSCAPE: ISO 27701 is recognized by regulators including the EU data protection authorities as a relevant standard for demonstrating GDPR compliance, and may be cited as evidence of appropriate technical and organizational measures under GDPR Article 32. ISO 27001 is a widely adopted information security management standard. Neither certification constitutes legal compliance under GDPR, CCPA, or other frameworks, but both are material to vendor risk assessments. GOVERNANCE EXPOSURE: Low. ISO certifications are standard practice for enterprise data processors and provide procurement teams with a recognized baseline assurance mechanism. The primary governance consideration is confirming which specific D&B legal entities and geographic markets hold the certifications, as the document indicates they apply only where designated. JURISDICTION FLAGS: Certification scope is market-specific, meaning organizations in markets where D&B does not hold ISO 27701 certification cannot rely on this assurance. The D&B global ISO certifications page is referenced for market-specific designations, which should be verified during vendor due diligence. CONTRACT AND VENDOR IMPLICATIONS: Procurement and vendor management teams should request copies of current ISO 27701 and ISO 27001 certificates as part of third-party risk assessments. Certificates should be verified for scope, validity period, and the specific legal entities covered. Standard vendor risk questionnaires should confirm whether the D&B entity that is the contractual counterparty holds the relevant certifications. COMPLIANCE CONSIDERATIONS: Organizations relying on D&B's ISO certifications to satisfy their own GDPR Article 28 due diligence obligations should supplement certification review with contractual data processing agreements that address the specific processing activities in scope. Annual re-certification audits are standard under ISO; compliance teams should confirm certification currency before contract renewal.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
ISO 27701 certification is a recognized international benchmark for privacy information management, providing external validation that D&B's privacy controls meet a defined standard, though certification scope varies by market.
These certifications provide independent assurance that D&B's data management practices in certified markets meet internationally recognized privacy and security standards, which is relevant for business customers assessing D&B as a data supplier. The certification scope is market-specific and not universal across all D&B operations.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Dun & Bradstreet.