Internet laws are recent and are constantly developing, therefore, it is essential to receive legal advice in order to certify that your business complies with the law. In A2SECURE, we offer our clients the following legal audits so that our clients business is entirely adapted to current legislation requirements:
“The security of our IT environment is a concern for us; it is difficult for us to have an overall view of our various hotels and their related facilities. Working with A2SECURE we have that view, and we know how to improve day by day.”
Occidental Hotels Deputy Technical Director of Systems and Communications
The Data Protection Act (referred to as LOPD, its initials in Spanish) intends to ensure that third parties, both public and private, use personal data in a legal and fair manner, that is, preventing unauthorized use giving rise to situations that may affect the privacy of individuals in their personal, family and professional environment.
This law is mandatory for any natural, legal or private person who in the course of their work deals with personal data, assuming a number of obligations.
We work with a methodology supported by our years of experience in the Data Protection Act compliance project, which is divided into three phases:
1. Review of the prior compliance with the Data Protection Act
A2SECURE performs a definition, collection and analysis of the level of compliance of the Data Protection Act (15/1999) and the Regulation on Security Measures RD (17-20/2007). This process begins with the collection of all documentation concerning said regulations by lawyers and technical staff.
2. LOPD audit and regulations
Performing the technical and legal audit on data protection, including the study, verification and contrast of the information collected in the previous phase with the current legislation situation. To do this, the organization of the company will be analyzed on the three key points of data protection:
3. Legal update to the LOPD
At this stage, the adaptation of the company to the rules of the Data Protection Act and implementation of the new features in its Regulation is done through the delivery of documents with descriptions of the legal and technical solutions to be applied in the company. The documents provide the necessary steps to carry out the necessary updates regarding the three key points of the LOPD (legitimation, legalization and security measures).
Legal audit services are tailor-made projects for our clients. Thus, our work begins and ends where the client requires, either with:
We offer a combination of the legal and technical dimension of the Data Protection Act, by providing a clear and concise description of the necessary steps and specific measures to be applied for its compliance.
A2SECURE has a highly qualified team to develop Ethical Hacking/Pentesting activities supported by various international certifications. But our trademark is our vocation to make our clients understand our results.
A Pentesting activity is really useful when the client is able to understand what has been found, the risks it implies and how it has been possible to get there. The latter is the key point: knowing how a successful attack has been possible, understanding if it is necessary to implement additional control and change an internal process that is causing breaches. In short, taking advantage of the exercise transforming it into improvements for the company.