Spanish Data Protection Authority Publishes GDPR Guides for Spanish SMEs

The Spanish Data Protection Authority – Agencia Española de Protección de Datos (AEPD) – recently published three guides to be used by small and medium enterprises (SMEs) comply with the European Union’s General Data Protection Regulation (GDPR) which goes into effect May 25, 2018. The AEPD noted that 99% of Spanish businesses are SMEs, which is why the AEPD has taken a proactive approach to educate companies on the new efforts necessary to comply with the GDPR.

The first guide is intended to help data controllers to implement the GDPR’s main elements and includes a checklist. The second guide is intended for data controllers and processors to enter into written agreements (as is required by the GDPR) that fully comply with the new law. The third guide is intended to help controllers understand what is necessary to comply with the duty to inform data subjects about the controller’s data practices.

All three guides are in Spanish, and available on the AEPD’s website here.

The information is written in an accessible manner for Spanish SMEs and therefore would be a suitable companion for companies doing business in Spain who wish to understand the AEPD’s expectations and proactively take steps to comply with the GDPR as interpreted by the AEPD.