Personal data protection law and risk analysis: a practical approach
DOI: https://doi.org/10.5944/rduned.35.2025.45877
Keywords: privacy, GDPR, risk, rights, impact
Abstract
In a social environment characterized by the massive availability of our data to organizations with an ever-increasing capacity to process it and extract valuable information, the protection of personal data is not only a constitutionally recognized right but also serves as a guarantee of other rights.
Under the General Data Protection Regulation, the protection of these rights must be implemented through a risk management process, for which there are multiple methodological proposals: some specific to the protection of personal data, such as those developed by various supervisory authorities or the ISO 29134 standard; others of a generic nature, such as the ISO 31000 standard; and others specific to the field of information security, such as ISO 27005 or MAGERIT.
This article explores the particularities of each of these methodologies and, drawing on a series of interviews and on the analysis of internal regulations and of the process of implementing a risk management system in a real organization, proposes recommendations and good practices for managing risks to the rights and freedoms of natural persons.
License
Copyright (c) 2025 Revista de Derecho de la UNED (RDUNED)

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
The works may be copied, used, distributed, transmitted and publicly displayed, provided that:
- The authorship and the original source of publication (journal, publisher and URL of the work) are cited.
- They are not used for commercial purposes.
- The existence and terms of this license are mentioned.