Spain’s standardization and certification association, AENOR, has handed out to GMV Secure e-Solutions the first certificate based on the privacy information management standard ISO/IEC 27701, a privacy extension to the information security standard ISO/IEC 27001 and the security control standard ISO/IEC 27002.

Working from the principle of proactive responsibility, ISO/IEC 27701 certification, helps organizations to comply with the principles and obligations laid down by data protection and privacy legislation, such as the European Data Protection Regulation (GDPR) and Spain’s Data Protection and Guarantee of Digital Rights Law (Ley Orgánica de Protección de Datos y Garantía de los Derechos Digitales: LOPDGDD).

This certification represents for GMV an improvement in its management system, with all the knock-on benefits that entails. It also gives the country a special competitive edge, bringing privacy into a synergistic package along with confidentiality, integrity and availability. Becoming the first company in Spain to obtain this certification, in the words of Mariano J. Benito, CISO/security manager of GMV’s Secure e-Solutions sector, "is part of our ongoing strategy of obtaining international standards, looking for continual improvement and innovation in fields like privacy and data protection, which have not as yet been fully integrated in all organizations’ processes".

According to Boris Delgado, AENOR’s ICT manager, "society is increasingly expecting organizations to show due diligence in data management and demonstrate this in practice. Leading organizations like GMV mark out the path to follow for all go-getting companies".

Right from its start in 1984, GMV has shown its determination to certify its procedures under the most demanding standards. This latest certification once more makes GMV a trailblazer in the adoption of new standards, just as it was back in 2004 with its security certification under ISO 27001 (the doyen of the standards currently in place in Spain).

The setting up of a privacy management system under ISO 27701 has been carried out wholly by GMV, drawing on its experience, methodologies and experts in management cybersecurity and data protection.