THE USE OF CERTIFICATION MECHANISMS AS AN EFFICIENT GUARANTEE OF PERSONAL DATA PROTECTION

The purpose of this paper is to analyse the certification mechanisms in force since the effective application of the General Data Protection Regulation (GDPR). As a starting point, we approach these mechanisms from their eminently technical focus and their approximation to the field of data protection law. Next, we examine the regulation of certification mechanisms in the GDPR and the initiatives that have recently been promoted in Spain, France and the United Kingdom by their respective data protection agencies. We then move on to the study of the ISO/IEC 27000 series of international standards, and more specifically ISO/IEC 27001 (information security) and 27701 (privacy information management) and their corresponding updates. Finally, the most immediate benefits of these initiatives and their scope for improvement in the short-term future are highlighted, once the most relevant limitations affecting effective compliance with the aforementioned regulation have been identified.