Royal Decree 1720/2007, which repeals Royal Decree 994/1999, on security measures for automated files containing personal data, is a huge revision that reflects the weight that this matter has acquired over time. If the previous regulation consisted of 29 articles, the current one consists of 158. On the other hand, we must also highlight the important fact that, unlike the previous one, it also regulates the security measures applicable to non-automated treatments (paper). < / p>
One of the most relevant parts of the regulation is Title VIII (Article 79 to Article 114) that describes the security measures in data processing, whether these treatments are automated or not automated. Security measures
The concrete measures that the regulation obliges to comply depend fundamentally on the nature of the data. In that sense, the measures are structured roughly as follows:
Depending on the level of security applicable to the data, the regulation defines specific security measures that range from basic things such as a registry of incidents and ensure the correct identification and authentication of users who access personal data, level measures as audits and control of physical access to high-level measures such as the encryption of communications or a detailed access record that keeps at least the identification of the user, the date and time it was made, the file accessed, the type of access and if it has been authorized or denied.
wiki
