Countdown to GDPR – Spain - DAC Beachcroft

Countdown to GDPR – Spain's Tags

Tags related to this article

Countdown to GDPR – Spain

Published 27 February 2018

During the countdown to the GDPR, the Spanish Data Protection Agency (by its Spanish acronym AEPD) has been active in the publication of different documents and tools to facilitate the correct application of the GDPR in Spain. Amongst the different initiatives, the AEPD has published Facilita GDPR, a tool designed as a useful resource for any company or professional which processes personal data. It allows data controllers – by just answering three sets of questions- to assess their status and identify whether they must perform a deeper risk analysis. However, this tool is designed for companies that process personal data of low risk and cannot be used for the processing of personal data involving a high risk for the rights and freedoms of individuals.

There are other documents that have been produced by the AEPD to help individuals or companies prepare for the GDPR, including top tips for adaptation to the GDPR, a Guide to the GDPR for data controllers, a Guide to comply with the duty to notify (based on the guidance of the Article 29 Working Party, referred to in our editorial), and a service which a assists the data controller to develop a register of regulated activities.

Moreover, the AEPD has also been a pioneer in publishing the Certification Scheme of Data Protection Officers (DPO-AEPD Scheme), to offer security and reliability to the privacy professionals as well as to the companies and entities that are going to incorporate this figure into their organizations or that need to hire the services of a qualified professional. This DPO-AEPD Scheme is a certification system that certifies that DPOs meet the professional qualifications and knowledge required to carry out their role.

Although this certification is not mandatory to be able to practise as DPO and the profession can be exercised without being certified under this or any other scheme, the AEPD has considered it necessary to offer a point of reference to the market on the contents and elements of a certification mechanism that can serve as a guarantee to accredit the qualification and professional capacity of candidates for DPO.

The AEPD is responsible for developing, reviewing, and periodically validating the DPO-AEPD Scheme at least once every five years, or before if conditions merit such a review. To do so, it has created and maintains a DPO Certification Scheme Committee, as a means of contacting and involving the various parties interested in the certification of persons to carry out the functions of a DPO.

The technical competence of the certification bodies involved and their alignment with the requirements established by the DPO-AEPD Scheme, as well as their systematic and impartial behaviour, is achieved through their accreditation by the National Accreditation Body (ENAC), in accordance with the requirements of international regulations for the certification of persons. The only entities that can certify DPOs are those that have been accredited by ENAC in accordance with the UNE-EN ISO / IEC 17024: 2012 standard and in the scope of the application of the DPO-AEPD Scheme.

Link to the DPO-AEPD Scheme


Key Contacts

< Back to articles