ISO/IEC standards as mechanisms of proactive responsibility in the General Data Protection Regulation
The certification market has experienced an unprecedented rise since the entry into force and effective application of the GDPR. This calls for a close look at the relevance of these mechanisms as key elements in preventing personal data breaches. In this paper, we examine how the technical nature of these instruments has given way to co-regulation, allowing efficient adaptation to continuing changes across a wide range of products, services or systems. To this end, we aim to provide a holistic overview of almost all the standards that affect the privacy and data protection dimensions, particularly those that derive from the international reference standard series ISO/IEC 27000, namely ISO/IEC 27001 (Information Security) and 27701 (Privacy Information Management). These standards represent a relevant first starting point within the framework of proactive responsibility, providing organisations with some effective instruments to demonstrate GDPR compliance.
This work is licensed under a Creative Commons Attribution-NoDerivatives 3.0 Unported License.
(c) Jorge Agustín Viguri Cordero, 2021
Copyright
Contents published in IDP are subject to a Creative Commons Attribution-No Derivative Works 3.0 Spain licence, the full text of which can be consulted on http://creativecommons.org/licenses/by-nd/3.0/es/deed.en.
Thus, they may be copied, distributed and broadcast provided that the author and IDP are cited, as shown in the recommended citation that accompanies each article. Derivative works are not permitted.
Authors are responsible for obtaining the necessary permission to use copyrighted images.
Assignment of intellectual property rights
The author non-exclusively transfers the rights to use (reproduce, distribute, publicly broadcast or transform) and market the work, in full or in part, to the journal’s editors in all present and future formats and modalities, in all languages, for the lifetime of the work and worldwide.
The author must declare that he is the original author of the work. The editors shall thus not be held responsible for any obligation or legal action that may derive from the work submitted in terms of violation of third parties’ rights, whether intellectual property, trade secret or any other right.
Jorge Agustín Viguri Cordero, Jaume I University
Assistant professor doctor (accredited to doctor contract) in the area of Constitutional Law at Jaume I University. He was a researcher in the CRISP European Project (Evaluation and Certification Schemes for Security Products) and was also involved in Phaedra II (Improving Practical and Helpful Cooperation Between Data Protection Authorities), both funded by the European Commission.
His lines of research include the right to the protection of personal data and the right to international protection. He is the author of the monograph “Seguridad y protección de datos en el Sistema Europeo Común de Asilo” (Tirant lo Blanch, 2020) and of more than ten publications in influential scientific journals and book chapters.