Spanish Data Protection Agency publishes new guides on GDPR compliance
The first guide (in Spanish) deals with data protection risk assessment, which is a constant obligation for any entity processing personal data subject to the GDPR. It is necessary to evaluate the risk of each personal data processing activity in order to determine which security measures should be implemented for the protection of personal data processed or to analyse whether it is mandatory to carry out a Data Protection Impact Assessment (DPIA).
The second guide (also in Spanish) focuses on the obligation to carry out DPIAs which, in light of the GDPR, is mandatory whenever the processing may entail a high risk for the rights and freedoms of the individuals affected by the processing of their personal data. An EIPD would cover the security measures that would be appropriate to implement in order to mitigate such high risk.
These guides are highly useful for data protection professionals, who get to know, in their client's benefit, the SDPA's criterion before the GDPR becomes fully applicable.
Both guides are part of a set of publications that the SDPA has been publishing to enable citizens better know their rights and entities acknowledge their obligations under GDPR. All of the materials regarding GDPR published by the SDPA to this day are published in this website (in Spanish).Latest insights
More Insights
Greening Electronics: How the ESPR will affect electronics and household appliances
4 minutes Apr 03 2025
Gen AI at work: Hong Kong Privacy Commissioner publishes further AI guidance on the use of Gen AI by employees
Apr 03 2025
German Court Rules That Data Protection Breaches Can Be Prosecuted In Civil Courts Under The Unfair Competition Law
3 minutes Mar 31 2025