{"id":59929,"date":"2022-03-30T13:09:06","date_gmt":"2022-03-30T11:09:06","guid":{"rendered":"https:\/\/eiposgrados.com\/?p=59929"},"modified":"2022-04-05T17:54:42","modified_gmt":"2022-04-05T15:54:42","slug":"iso-27701-data-protection","status":"publish","type":"post","link":"https:\/\/eiposgrados.com\/eng\/blog-dpo\/iso-27701-proteccion-de-datos\/","title":{"rendered":"How will ISO 27701 affect data protection?"},"content":{"rendered":"<p>With the entry into force of the General Data Protection Regulation (GDPR), many entities, as data controllers (RT), have been forced to implement <strong>security measures<\/strong>, both technical and organizational, taking into account the nature, scope, context and purposes of the processing as well as the risks of varying probability and severity for the rights and freedoms of natural persons (art. 24), in such a way that the controller <strong>ensures adequate security of personal data<\/strong> (art. 32), including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage (art. 5).<\/p>\n\n\n\n<h2 class=\"gb-headline gb-headline-1ab09002 gb-headline-text\"><strong>ISO 27001<\/strong><\/h2>\n\n\n\n<p>However, despite being mentioned in several articles, little or nothing is said about <strong>what security measures should be implemented<\/strong> to achieve the objective set by the GDPR. That is why organizations have turned to <strong>international security frameworks and standards<\/strong>, such as <strong>ISO 27001<\/strong>, which, despite not being mandatory, has in recent years become a <strong>reference guide<\/strong> for introducing and implementing <strong>information security management<\/strong> systems.<\/p>\n\n\n\n<h2 class=\"gb-headline gb-headline-aade5901 gb-headline-text\"><strong>ISO 27701<\/strong><\/h2>\n\n\n\n<p><strong>ISO 27701<\/strong>, <strong>on privacy information management<\/strong>, was published recently. 
This standard is based on the requirements, control objectives and controls of the ISO 27001 standard and <strong>includes a set of privacy requirements, controls and control objectives<\/strong>, so that in the coming years organizations that already have ISO 27001 will be able to rely on this new framework to comply with the legal framework.<\/p>\n\n\n\n<p>However, to demonstrate the degree of compliance with the GDPR, <strong>it is not enough to implement each of the controls in isolation<\/strong>; a <strong>risk analysis<\/strong> must also be carried out and an <strong>action plan<\/strong> executed to address those risks and thus verify the <strong>maturity level of the measures implemented<\/strong>, that is, assess their effectiveness and establish corrective and improvement plans. And, as we have seen, the <strong>best tool<\/strong> to achieve this goal is <strong>ISO 27701<\/strong>.<\/p>\n\n\n\n<p>Finally, and in this sense, we must mention the recent <strong><a href=\"https:\/\/www.poderjudicial.es\/search\/AN\/openDocument\/bbb5f3256ed28cb7\/20220225%22\" target=\"_blank\" rel=\"noopener\">STS 543\/2022<\/a><\/strong>, which points out that, even if data controllers implement sufficient security measures, they may still suffer security breaches, so <strong>guaranteeing data security cannot be understood as an obligation of result, but of means<\/strong>. That is, controllers have to do everything possible to prevent a breach from happening, even though the risk is never zero. 
And, to demonstrate that degree of involvement on the part of the controller, we will have no choice but to <strong>turn to standards such as ISO 27701<\/strong>, an <strong>internationally<\/strong> recognized management <strong>system<\/strong> that can be audited and certified, as a <strong>guarantee of GDPR compliance<\/strong>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Data controllers are obliged to implement technical and organizational measures to guarantee the security of personal data. In this post we will see the usefulness of ISO 27701 to design and implement these measures.<\/p>","protected":false},"author":117,"featured_media":59941,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[330,142],"tags":[],"class_list":["post-59929","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-dpo","category-blog"],"acf":[],"_links":{"self":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/59929","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/users\/117"}],"replies":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/comments?post=59929"}],"version-history":[{"count":0,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/59929\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media\/59941"}],"wp:attachment":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media?parent=59929"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/categories?post=59929"},{"taxonomy":"post_tag","embeddable":true,
"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/tags?post=59929"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}