Data Protection ... The gory details
Monday, 15 November 2010 07:16


The Spanish data protection legislation applies to companies and individuals who provide professional services of any nature, and covers everything from the initial setting up of the internal procedures designed to protect data of a sensitive (personal) nature, to the preparation of contracts and questionnaires for use in day-to-day matters, together with the related IT security controls. If these measures are not implemented, the Spanish Data Protection Agency (DPA) can carry out inspections which could lead to substantial fines and penalties.

Our specialist team provides value added services in the design, implementation and registration of the required internal systems for entities that provide services covered by the legislation. In addition we provide ongoing external monitoring of these systems, and ensure that your organization is able to provide quality assured services in sensitive areas of activity.

What do we do to support you?

External support services designed to implement compliant data protection systems

Analysis of the data files maintained by the client, and the level of protection required under the current legislation.
Registration of the data files with the DPA.
Audit of the procedural systems kept by the client, which may affect compliance with DP requirements. This includes IT systems, networks, internal and external servers, etc. This review will be documented and any required changes communicated.
The preparation and submission of the mandatory internal security document (ISD).
Drafting of internal contracts, forms, and other documentation required to ensure that DP is up to standard in its collection, use and storage.

What do we do for the annual maintenance?

Review of internal controls to ensure that data access is continuously kept under strict review.
Regular update of the ISD.
Drafting of contracts for the treatment and management of sensitive data by third parties as well as the audit of access to these, on a regular basis.

General advice with regard to access by interested parties to the stored data.
Bi-annual external DP audits, if required.
Introduction of new maintenance software and its registration with the DPA.

Data protection audits

If the client already has the required DP systems in place, duly registered with the DPA, our firm can provide an external audit, which will cover the following areas:
Verification of security systems and access control to personal files.
Use and control of temporary files.
Verification of the contents of security files and their adequacy.
Verification of the security controls in place in relation to the import and export of data.
Review of security systems' archives, particularly in relation to paper or mixed documents.
Submission of a summary report covering all the areas looked at, deficiencies detected and required improvements.

Last Updated on Tuesday, 16 November 2010 15:36