Data Protection

Ensuring the privacy of a business requires compliance with the Law and how to do it. Failure to comply it may lead to significant penalties.

Law 15 /1999 on Protection of Personal Data contains legal obligations for those individuals or entities that hold personal data files.

According to the Data Protection Agency, the agency responsible for ensuring compliance with the Law, a high percentage of companies are unaware of the Law and fail to comply with it. These companies are in a risk of being severely punished with penalties that can reach up to 600,000 euros.

A prior information task, legalization and compliance with the Law can avoid high penalties and ensures adequate protection of a fundamental right of the individual.

We provide LEGAL and TECHNICAL advice for the implementation of security plans for personal data and for their monitoring, review and audit.

More information

The implementation of the Personal Data Security Plan consists of:

  • Adaptation of the company to Law 15/1999 of 13 December on the Protection of Personal Data and Act 1720/2007 of 21 December, by which approves the Regulation implementing the Law 15/1999 on the Protection of Personal Data
    • Drafting of informative clauses that must be included in any form of data collection
    • Study and adaptation of contracts with third parties that involve data transfer
    • Study and adaptation of contracts with third parties that require access to data
    • Study and adaptation of working contracts
    • Advice and drafting of the documents necessary to guarantee the rights of access, rectification and cancellation exercised by any holder of personal data
    • Registration and modification of files in the Data Protection Agency
  • Training of persons responsible for processing the data and all those who have access to personal data: you cannot successfully implement a plan of personal security if the people who manage it are not well aware of their obligations.

Data Protection biennial Audit

Article 96 of the Regulations implementing the Act requires owners of data files of middle and high level to perform an audit of their information systems at least every two years.

This audit aims to verify compliance with these regulations and procedures and instructions regarding data protection.