After the entry into force of Regulation 2016/679 of the European Parliament and of the Council of the European Union, of 27 April 2016, designated as New General Data Protection Regulation, on 25 May 2018, it became emergent to provide the requirements and guidelines for establishing, implementing, maintaining and continuously improving an information security management system that preserves the confidentiality, integrity and availability of information. It is intended as the final result of this work, the presentation of a method for verifying the information security system to comply with the new general data protection regulation following the lines of ISO/IEC 27001:2013 (Security management systems) information), ISO/IEC 27002:2013 (Information technology - security techniques - code of practice for information security controls) and, consequently, ISO/IEC 27701:2019 (Security techniques - extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - requirements and guidelines).