With regard to data protection and privacy, there is no official certification framework, but with the LEET Security qualification you can efficiently prove due diligence in the protection of personal information.
Our national law, the LOPDGDD (Organic Law on Data Protection and Guarantee of Digital Rights), adapts the RGPD of the European Union to our national legislative framework. It establishes that “those responsible and those in charge… will determine the appropriate technical and organizational measures that they must apply in order to guarantee and prove that the treatment is in accordance with the aforementioned regulation, with this organic law, its implementing regulations and the applicable sectoral legislation”.
As in the Regulation itself, compliance with the obligations imposed by the Law is not evident, leaving the implementation of security measures to the discretion of those responsible and in charge, based on the principle of responsibility.
We have incorporated into our methodology the contents of the regulation as controls to be implemented, along with the measures established by the NIST privacy framework (developed for this purpose and aligned with the OECD privacy principles), so that we can evaluate the specific degree of protection in relation to privacy, and provide you with a rating that will allow you to accredit your compliance.
Together with the rating you can obtain a Privacy Rating, which is awarded after verification of compliance with all practices linked to data protection regulations according to the assessed rating level.
The use of the methodology and LEET Security's own rating provide an efficient way to demonstrate due diligence when protecting personal information, providing a unique way to fulfill your obligations. This will allow you to:
Apply appropriate technical and organizational measures to guarantee a level of security appropriate to the risk.
What are those appropriate measures? For this you can use the control framework provided by our rating methodology, which is based on best practices and international standards.
Guarantee and be able to demonstrate that the treatment is in accordance with the Regulations and the Law.
The cybersecurity stamp allows you to demonstrate the effective implementation of the corresponding measures, since it shows that they have been audited and verified by an independent professional entity.
Require providers (managers) to comply with the appropriate measures.
It is not enough to state it in the contract; you must also make sure of it. How can you carry out this supervision without becoming a provider auditor? The requirement for the qualification of outsourced services guarantees that these have already been audited by the Agency. In addition, it makes it easier for the providers themselves to demonstrate, to all clients of the same services, the level of protection applied.
To learn more about how we can help you meet your obligations, please contact us.