{"id":30935,"date":"2026-06-22T14:12:18","date_gmt":"2026-06-22T12:12:18","guid":{"rendered":"https:\/\/itpatagonia.com\/?p=30935"},"modified":"2026-06-22T14:12:18","modified_gmt":"2026-06-22T12:12:18","slug":"proteccion-de-datos-personales","status":"publish","type":"post","link":"https:\/\/itpatagonia.com\/en\/blog\/proteccion-de-datos-personales","title":{"rendered":"Personal data protection: obligations, third parties, and evidence. What to request and how to audit"},"content":{"rendered":"<p class=\"wp-block-paragraph\">In most organizations, the protection of personal data has ceased to be an exclusively legal issue and has become a<strong> critical component of the operating model<\/strong>.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In fact, it is considered a <a href=\"https:\/\/itpatagonia.com\/en\/blog\/data-governance\/\">key dimension of <em>data governance<\/em><\/a>, which defines how data is managed, controlled, and used throughout the organization<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, a significant gap still exists between what is defined in policy and what actually happens in production. <em>gap<\/em> Not only does it expose the organization to regulatory risks, but it also limits its ability to scale data, analytics, and artificial intelligence initiatives in a controlled manner.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In a context where data circulates between multiple systems, teams, and third parties, this article proposes a practical approach: <strong>How to move from declaration to control, and from control to evidence<\/strong>.<\/p>\n\n\n\n<h2 id=\"h-el-problema-cumplir-no-es-declarar-es-poder-demostrar\" class=\"wp-block-heading\"><strong>The problem: compliance isn&#039;t about declaring, it&#039;s about being able to prove it.<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">One of the most frequent tensions in audits is the difference between \u201cdocumentary compliance\u201d and \u201coperational compliance\u201d.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Many organizations may show policies, procedures, and contracts that formally meet the requirements, but fail to demonstrate that those guidelines are effectively applied in daily systems and processes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This difference becomes critical when an incident occurs or when a regulator demands traceability.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In these scenarios, what is being tested is not the existence of a policy, but the ability to reconstruct concrete facts:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Who accessed the data and under what authorization.<\/li>\n\n\n\n<li>Which controls were active.<\/li>\n\n\n\n<li>What actions were taken in response to a deviation?.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The central point is that <strong>Actual compliance is observable and auditable<\/strong>. Without records, traceability, and defined responsibilities, any policy loses practical value.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Therefore, the protection of personal data must be designed from the outset as an evidence-based control system, not as a set of static definitions.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"389\" src=\"https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos.-imagen-1--1024x389.png\" alt=\"\" class=\"wp-image-31292\" srcset=\"https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos.-imagen-1--1024x389.png 1024w, https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos.-imagen-1--300x114.png 300w, https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos.-imagen-1--768x291.png 768w, https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos.-imagen-1--1536x583.png 1536w, https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos.-imagen-1--2048x777.png 2048w, https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos.-imagen-1--18x7.png 18w, https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos.-imagen-1--720x273.png 720w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">One of the most frequent tensions in audits is the difference between documentary compliance and operational compliance.\u00a0<\/figcaption><\/figure>\n\n\n\n<div style=\"height:10px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 id=\"h-que-obligaciones-existen-y-como-se-traducen-en-controles-operativos\" class=\"wp-block-heading\"><strong>What obligations exist and how do they translate into operational controls?<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Obligations regarding <a href=\"https:\/\/itpatagonia.com\/en\/blog\/desafios-de-la-gestion-de-datos-personales\/\">protection of personal data<\/a> They are usually formulated in broad terms: protect confidentiality, guarantee integrity, limit use, and ensure availability.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The challenge is to translate those principles into concrete decisions that impact architecture, processes, and daily operations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For example, data classification is not just a conceptual exercise, but the <strong>basis for defining which controls apply in each case<\/strong>.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Without a clear classification system, all data is treated the same or, worse, without any consistent criteria. This directly impacts the prioritization of controls and the allocation of resources.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Access control, on the other hand, requires going beyond the initial assignment of permissions. It involves <strong>Periodically review who has access to what.<\/strong>, to understand if those accesses are still necessary and to detect accumulations of privileges that increase the risk.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In dynamic environments, this control must be integrated with processes for adding, deleting, and modifying users.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Data minimization forces us to question common practices: <strong>what data is collected, for what purpose, and for how long it is kept<\/strong>. Often, the problem is not misuse, but unnecessary accumulation that expands the risk area.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Regarding retention and deletion, <strong>The challenge is not in defining policies, but in implementing them in an automated way.<\/strong>. The absence of technical mechanisms to ensure the effective elimination of data means that policies remain merely declarative.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Traceability and incident response complete the picture. Without adequate records, there is no way to investigate or learn from events. <strong>Without clear response processes, even minor incidents can escalate in impact<\/strong>.<\/p>\n\n\n\n<h2 id=\"h-terceros-y-proveedores-el-eslabon-mas-debil-y-como-gestionarlo\" class=\"wp-block-heading\"><strong>Third parties and suppliers: the weakest link and how to manage it<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">As organizations adopt service-based models - cloud, SaaS, partner integrations - the perimeter of control expands.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This implies that a significant part of data processing occurs outside the organization&#039;s direct infrastructure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Thus, third parties become a critical point. Not only because of their access to data, but also because of the complexity of their own supply chain.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A provider may, in turn, depend on multiple subprocessors, making visibility and control difficult.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The most common mistake is assuming that hiring a reputable vendor automatically guarantees compliance. In practice, each organization must... <strong>validate that the third party&#039;s controls are equivalent to your own<\/strong> and that there is evidence of its functioning.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This involves working on three dimensions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Contractual<\/strong>: clearly define responsibilities, service levels and audit rights.&nbsp;<\/li>\n\n\n\n<li><strong>Operation<\/strong>: establish monitoring and periodic review mechanisms.&nbsp;<\/li>\n\n\n\n<li><strong>Evidence<\/strong>: have concrete evidence that the controls exist and work.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Third-party management is not a one-off process, but a continuous cycle of evaluation, monitoring, and adjustment.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"389\" src=\"https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos-imagen-2-1024x389.png\" alt=\"\" class=\"wp-image-31293\" srcset=\"https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos-imagen-2-1024x389.png 1024w, https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos-imagen-2-300x114.png 300w, https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos-imagen-2-768x291.png 768w, https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos-imagen-2-1536x583.png 1536w, https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos-imagen-2-2048x777.png 2048w, https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos-imagen-2-18x7.png 18w, https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos-imagen-2-720x273.png 720w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Data classification is not just a conceptual exercise, but the basis for defining which controls are applied in each case.&nbsp;<\/figcaption><\/figure>\n\n\n\n<h2 id=\"h-que-evidencias-necesitas-para-auditar-proteccion-de-datos\" class=\"wp-block-heading\"><strong>What evidence do you need to audit data protection?<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Evidence is the bridge between intention and reality, allowing us to validate whether controls are working and to identify deviations in time.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">How is evidence constructed?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The <strong>access logs<\/strong> They are one of the most critical pieces of information, as they allow us to reconstruct who interacted with the data and in what context. However, simply having them is not enough: the logs must be complete, consistent, and accessible for analysis.<\/li>\n\n\n\n<li>The <strong>treatment records<\/strong> They provide context about the use of the data: what it is used for, who is responsible, and under what conditions. This is key to evaluating the legitimacy of the processes.<\/li>\n\n\n\n<li><strong>Versioning and configuration<\/strong> They allow us to understand how systems and controls evolve. This history makes it easier to identify when a change was introduced that could have created a risk.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The evidence should also include the <strong>security controls applied<\/strong>, such as encryption, authentication, or monitoring, as well as the <strong>results of previous audits<\/strong> and the <strong>incident management<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A key aspect is that evidence should not be a manual effort generated solely for audits. It should be part of the normal functioning of the operation and be generated automatically and continuously.<\/p>\n\n\n\n<h2 id=\"h-como-auditar-en-la-practica-proceso-responsables-y-frecuencia\" class=\"wp-block-heading\"><strong>How to audit in practice: process, responsibilities and frequency<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">An effective personal data protection audit requires a structured, yet pragmatic, approach. The key lies in prioritizing based on the risk and criticality of the data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The first step is to clearly define <strong>which controls will be evaluated and what evidence supports them<\/strong>. This helps avoid superficial audits based on perceptions or statements.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Regarding those responsible, it is essential that the audit be a coordinated effort in which:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Safety provides the technical perspective.<\/li>\n\n\n\n<li>Compliance interprets regulatory requirements and data teams.<\/li>\n\n\n\n<li>Architecture validates the implementation.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The <strong>audit frequency<\/strong> It must be adapted to the level of risk. Critical systems require more frequent reviews, while others can be evaluated over longer cycles.<strong> The important thing is that there is a sustained and predictable cadence<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Finally, the <strong>documentation of findings<\/strong> This is key to transforming the audit into an improvement tool. Each finding must be translated into a concrete action, with defined responsibilities and deadlines.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"How to effectively manage customer data\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/pFhdSXT8ceQ?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 id=\"h-checklist-si-no-esta-la-evidencia-no-hay-cumplimiento\" class=\"wp-block-heading\"><strong>Checklist: If there is no evidence, there is no compliance<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This checklist serves as a quick validation of the maturity level. It&#039;s not just about verifying the existence of controls, but about confirming that they can be demonstrated at any time.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As a premise, it must be taken into account that if you don&#039;t have the evidence, there is no compliance:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You have an inventory and classification of data (sensitive and non-sensitive).<\/li>\n\n\n\n<li>You defined who accesses which data and it is controlled by each role.<\/li>\n\n\n\n<li>You can display access and data usage logs.<\/li>\n\n\n\n<li>You have retention and deletion policies in place.<\/li>\n\n\n\n<li>Third parties have equivalent controls and you can prove it.<\/li>\n\n\n\n<li>You have contracts with data protection and audit clauses.<\/li>\n\n\n\n<li>You record incidents and have a response plan.<\/li>\n\n\n\n<li>You can reconstruct what happened in the event of an incident (traceability).<\/li>\n\n\n\n<li>You have clear responsibilities: data owner, security, compliance.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">This type of checklist allows for quick alignment of the areas involved and the detection of gaps without the need for complex processes.<\/p>\n\n\n\n<h2 id=\"h-errores-comunes-que-exponen-a-la-organizacion\" class=\"wp-block-heading\"><strong>Common mistakes that put the organization at risk<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">One of the most common mistakes is treating personal data protection as a compliance requirement addressed at the end of projects. This leads to solutions that are neither designed to be audited nor to scale.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It is also common to delegate to suppliers without validating their controls, which creates a false sense of security. <strong>The lack of logs and auditing mechanisms is another critical problem<\/strong>, because it prevents the detection and analysis of incidents.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">On the other hand, the absence of <em>ownership<\/em> Clearly, this creates ambiguity: if no one is responsible, controls tend to degrade over time.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Finally, failing to integrate privacy into the development cycle means that each new product or feature increases the risk.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In environments where data feeds AI models, these errors not only affect compliance, but also the quality and reliability of the results.<\/p>\n\n\n\n<h2 id=\"h-proximo-paso\" class=\"wp-block-heading\"><strong>Next step<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In personal data protection, the difference between an exposed organization and <a href=\"https:\/\/itpatagonia.com\/en\/blog\/estrategia-de-datos-con-ia\/\">a prepared organization<\/a> It&#039;s not about what he declares, but about what he can demonstrate, sustain, and improve over time.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To transform the guidelines into concrete actions, the next step is to structure the audit with practical tools. <a href=\"https:\/\/itpatagonia.com\/en\/servicios\/data-ia\/\">Schedule a work session<\/a> to review evidence, detect gaps, and define a remediation plan.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>","protected":false},"excerpt":{"rendered":"<p>In a context where data circulates between multiple systems, teams and third parties, we propose a practical approach on how to move from declaration to control, and from control to evidence.<\/p>","protected":false},"author":7,"featured_media":31291,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[172],"tags":[87,131,191],"class_list":["post-30935","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-ia","tag-gobierno-de-datos","tag-proteccion-de-datos","tag-proteccion-de-datos-personales"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.8 (Yoast SEO v27.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Gu\u00eda pr\u00e1ctica para auditar la protecci\u00f3n de datos personales<\/title>\n<meta name=\"description\" content=\"Analizamos qu\u00e9 exigir a tu organizaci\u00f3n y a terceros, qu\u00e9 evidencias pedir y c\u00f3mo validar cumplimiento en producci\u00f3n.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/itpatagonia.com\/en\/blog\/proteccion-de-datos-personales\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Protecci\u00f3n de datos personales: obligaciones, terceros y evidencias. Qu\u00e9 pedir y c\u00f3mo auditar\" \/>\n<meta property=\"og:description\" content=\"Analizamos qu\u00e9 exigir a tu organizaci\u00f3n y a terceros, qu\u00e9 evidencias pedir y c\u00f3mo validar cumplimiento en producci\u00f3n.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/itpatagonia.com\/en\/blog\/proteccion-de-datos-personales\/\" \/>\n<meta property=\"og:site_name\" content=\"IT Patagonia\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-22T12:12:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos-portada-ES--scaled.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"971\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Nicol\u00e1s Hellers\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nicol\u00e1s Hellers\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/blog\\\/proteccion-de-datos-personales#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/blog\\\/proteccion-de-datos-personales\"},\"author\":{\"name\":\"Nicol\u00e1s Hellers\",\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/#\\\/schema\\\/person\\\/b4efd90a68e634c4456bb113bdc73cdb\"},\"headline\":\"Protecci\u00f3n de datos personales: obligaciones, terceros y evidencias. Qu\u00e9 pedir y c\u00f3mo auditar\",\"datePublished\":\"2026-06-22T12:12:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/blog\\\/proteccion-de-datos-personales\"},\"wordCount\":1763,\"publisher\":{\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/blog\\\/proteccion-de-datos-personales#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/itpatagonia.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Proteccion-de-datos-portada-ES--scaled.png\",\"keywords\":[\"Gobierno de datos\",\"Protecci\u00f3n de datos\",\"Protecci\u00f3n de datos personales\"],\"articleSection\":[\"Data &amp; IA\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/blog\\\/proteccion-de-datos-personales\",\"url\":\"https:\\\/\\\/itpatagonia.com\\\/blog\\\/proteccion-de-datos-personales\",\"name\":\"Gu\u00eda pr\u00e1ctica para auditar la protecci\u00f3n de datos personales\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/blog\\\/proteccion-de-datos-personales#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/blog\\\/proteccion-de-datos-personales#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/itpatagonia.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Proteccion-de-datos-portada-ES--scaled.png\",\"datePublished\":\"2026-06-22T12:12:18+00:00\",\"description\":\"Analizamos qu\u00e9 exigir a tu organizaci\u00f3n y a terceros, qu\u00e9 evidencias pedir y c\u00f3mo validar cumplimiento en producci\u00f3n.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/blog\\\/proteccion-de-datos-personales#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/itpatagonia.com\\\/blog\\\/proteccion-de-datos-personales\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/blog\\\/proteccion-de-datos-personales#primaryimage\",\"url\":\"https:\\\/\\\/itpatagonia.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Proteccion-de-datos-portada-ES--scaled.png\",\"contentUrl\":\"https:\\\/\\\/itpatagonia.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Proteccion-de-datos-portada-ES--scaled.png\",\"width\":2560,\"height\":971},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/blog\\\/proteccion-de-datos-personales#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\\\/\\\/itpatagonia.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Protecci\u00f3n de datos personales: obligaciones, terceros y evidencias. Qu\u00e9 pedir y c\u00f3mo auditar\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/#website\",\"url\":\"https:\\\/\\\/itpatagonia.com\\\/\",\"name\":\"IT Patagonia\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/itpatagonia.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/#organization\",\"name\":\"IT Patagonia\",\"url\":\"https:\\\/\\\/itpatagonia.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/itpatagonia.com\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/IT-Patagonia-logo-web.png\",\"contentUrl\":\"https:\\\/\\\/itpatagonia.com\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/IT-Patagonia-logo-web.png\",\"width\":350,\"height\":100,\"caption\":\"IT Patagonia\"},\"image\":{\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/itpatagonia\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/itpatagonia.com\\\/#\\\/schema\\\/person\\\/b4efd90a68e634c4456bb113bdc73cdb\",\"name\":\"Nicol\u00e1s Hellers\",\"url\":\"https:\\\/\\\/itpatagonia.com\\\/en\\\/blog\\\/author\\\/nicolas\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Gu\u00eda pr\u00e1ctica para auditar la protecci\u00f3n de datos personales","description":"Analizamos qu\u00e9 exigir a tu organizaci\u00f3n y a terceros, qu\u00e9 evidencias pedir y c\u00f3mo validar cumplimiento en producci\u00f3n.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/itpatagonia.com\/en\/blog\/proteccion-de-datos-personales\/","og_locale":"en_US","og_type":"article","og_title":"Protecci\u00f3n de datos personales: obligaciones, terceros y evidencias. Qu\u00e9 pedir y c\u00f3mo auditar","og_description":"Analizamos qu\u00e9 exigir a tu organizaci\u00f3n y a terceros, qu\u00e9 evidencias pedir y c\u00f3mo validar cumplimiento en producci\u00f3n.","og_url":"https:\/\/itpatagonia.com\/en\/blog\/proteccion-de-datos-personales\/","og_site_name":"IT Patagonia","article_published_time":"2026-06-22T12:12:18+00:00","og_image":[{"width":2560,"height":971,"url":"https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos-portada-ES--scaled.png","type":"image\/png"}],"author":"Nicol\u00e1s Hellers","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Nicol\u00e1s Hellers","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/itpatagonia.com\/blog\/proteccion-de-datos-personales#article","isPartOf":{"@id":"https:\/\/itpatagonia.com\/blog\/proteccion-de-datos-personales"},"author":{"name":"Nicol\u00e1s Hellers","@id":"https:\/\/itpatagonia.com\/#\/schema\/person\/b4efd90a68e634c4456bb113bdc73cdb"},"headline":"Protecci\u00f3n de datos personales: obligaciones, terceros y evidencias. Qu\u00e9 pedir y c\u00f3mo auditar","datePublished":"2026-06-22T12:12:18+00:00","mainEntityOfPage":{"@id":"https:\/\/itpatagonia.com\/blog\/proteccion-de-datos-personales"},"wordCount":1763,"publisher":{"@id":"https:\/\/itpatagonia.com\/#organization"},"image":{"@id":"https:\/\/itpatagonia.com\/blog\/proteccion-de-datos-personales#primaryimage"},"thumbnailUrl":"https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos-portada-ES--scaled.png","keywords":["Gobierno de datos","Protecci\u00f3n de datos","Protecci\u00f3n de datos personales"],"articleSection":["Data &amp; IA"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/itpatagonia.com\/blog\/proteccion-de-datos-personales","url":"https:\/\/itpatagonia.com\/blog\/proteccion-de-datos-personales","name":"Gu\u00eda pr\u00e1ctica para auditar la protecci\u00f3n de datos personales","isPartOf":{"@id":"https:\/\/itpatagonia.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/itpatagonia.com\/blog\/proteccion-de-datos-personales#primaryimage"},"image":{"@id":"https:\/\/itpatagonia.com\/blog\/proteccion-de-datos-personales#primaryimage"},"thumbnailUrl":"https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos-portada-ES--scaled.png","datePublished":"2026-06-22T12:12:18+00:00","description":"Analizamos qu\u00e9 exigir a tu organizaci\u00f3n y a terceros, qu\u00e9 evidencias pedir y c\u00f3mo validar cumplimiento en producci\u00f3n.","breadcrumb":{"@id":"https:\/\/itpatagonia.com\/blog\/proteccion-de-datos-personales#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/itpatagonia.com\/blog\/proteccion-de-datos-personales"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/itpatagonia.com\/blog\/proteccion-de-datos-personales#primaryimage","url":"https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos-portada-ES--scaled.png","contentUrl":"https:\/\/itpatagonia.com\/wp-content\/uploads\/2026\/06\/Proteccion-de-datos-portada-ES--scaled.png","width":2560,"height":971},{"@type":"BreadcrumbList","@id":"https:\/\/itpatagonia.com\/blog\/proteccion-de-datos-personales#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/itpatagonia.com\/"},{"@type":"ListItem","position":2,"name":"Protecci\u00f3n de datos personales: obligaciones, terceros y evidencias. Qu\u00e9 pedir y c\u00f3mo auditar"}]},{"@type":"WebSite","@id":"https:\/\/itpatagonia.com\/#website","url":"https:\/\/itpatagonia.com\/","name":"IT Patagonia","description":"","publisher":{"@id":"https:\/\/itpatagonia.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/itpatagonia.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/itpatagonia.com\/#organization","name":"IT Patagonia","url":"https:\/\/itpatagonia.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/itpatagonia.com\/#\/schema\/logo\/image\/","url":"https:\/\/itpatagonia.com\/wp-content\/uploads\/2023\/11\/IT-Patagonia-logo-web.png","contentUrl":"https:\/\/itpatagonia.com\/wp-content\/uploads\/2023\/11\/IT-Patagonia-logo-web.png","width":350,"height":100,"caption":"IT Patagonia"},"image":{"@id":"https:\/\/itpatagonia.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/itpatagonia\/"]},{"@type":"Person","@id":"https:\/\/itpatagonia.com\/#\/schema\/person\/b4efd90a68e634c4456bb113bdc73cdb","name":"Nicholas Hellers","url":"https:\/\/itpatagonia.com\/en\/blog\/author\/nicolas"}]}},"_links":{"self":[{"href":"https:\/\/itpatagonia.com\/en\/wp-json\/wp\/v2\/posts\/30935","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itpatagonia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itpatagonia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itpatagonia.com\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/itpatagonia.com\/en\/wp-json\/wp\/v2\/comments?post=30935"}],"version-history":[{"count":5,"href":"https:\/\/itpatagonia.com\/en\/wp-json\/wp\/v2\/posts\/30935\/revisions"}],"predecessor-version":[{"id":31308,"href":"https:\/\/itpatagonia.com\/en\/wp-json\/wp\/v2\/posts\/30935\/revisions\/31308"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/itpatagonia.com\/en\/wp-json\/wp\/v2\/media\/31291"}],"wp:attachment":[{"href":"https:\/\/itpatagonia.com\/en\/wp-json\/wp\/v2\/media?parent=30935"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itpatagonia.com\/en\/wp-json\/wp\/v2\/categories?post=30935"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itpatagonia.com\/en\/wp-json\/wp\/v2\/tags?post=30935"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}