Spanish Data Protection Agency publishes new guides on GDPR compliance

The first guide (in Spanish) deals with data protection risk assessment, which is a constant obligation for any entity processing personal data subject to the GDPR. It is necessary to evaluate the risk of each personal data processing activity in order to determine which security measures should be implemented for the protection of personal data processed or to analyse whether it is mandatory to carry out a Data Protection Impact Assessment (DPIA).

The second guide (also in Spanish) focuses on the obligation to carry out DPIAs which, in light of the GDPR, is mandatory whenever the processing may entail a high risk for the rights and freedoms of the individuals affected by the processing of their personal data. An EIPD would cover the security measures that would be appropriate to implement in order to mitigate such high risk.

These guides are highly useful for data protection professionals, who get to know, in their client's benefit, the SDPA's criterion before the GDPR becomes fully applicable.

Both guides are part of a set of publications that the SDPA has been publishing to enable citizens better know their rights and entities acknowledge their obligations under GDPR. All of the materials regarding GDPR published by the SDPA to this day are published in this website (in Spanish).

Latest insights

More Insights
Curiosity line teal background

UK-India Trade: Opportunities for your business under the new Free Trade Agreement

3 minutes May 19 2025

Read More
featured image

Comparative advertising: online comparison sites

1 minute May 16 2025

Read More
Curiosity line yellow background

Similar, or not similar, that is the question: Thoughts and Takeaways on Singapore’s Marks-Similarity assessment

May 14 2025

Read More