Data protection services

After the General Data Protection Regulation (GDPR), repealing Directive 95/46/EC and Organic Law 3/2018, of December 5, Protection of Personal Data and Guarantee of Digital Rights, were passed, companies and organisations are obliged to prove compliance with this regulation and to apply security measures in accordance with an analysis of risks of the persons connected with the data.


At AGM Abogados we can help your company to comply with the new regulation on Data Protection, by making an initial analysis and evaluation to then go on to carry out the following tasks:


  • Registration of processing activities: special reference to the data considered sensitive with regard to the health of workers on the occasion of COVID-19.
  • Lawful basis for processing.
  • Preparation of legal clauses on information: the analysis shall be performed both with regard to the collection of physical information (in hardcopy format) and in electronic format (web or by any other means) developing formulas for obtaining the express consent of the interested party in any processing requiring this.
  • Procedures for exercising rights: we will establish procedures which easily enable accrediting that the interested parties have exercised their rights and the client will be advised for the latter to comply with any rights which may be exercised by the affected parties in the forms and deadlines laid down in the law.
  • Evaluation of the relationship with data processing by third parties: we will find out whether there are third parties who carry out data processing and the organisation and give guidelines to evaluate suppliers, requesting certifications and if necessary, drawing up contracts to regulate processing of data by third parties in accordance with the law.
  • Analysis of risk in GDPR: we will deliver an analysis which will be the result of a documented reflection on the implications of processing, informing of whether new measures need to be taken.
  • Data protection delegate/officer (DPD/DPO): we will determine, along with the client, whether it is relevant to have a DPD and can if needed to provide that service.
  • Legal review of the web site: in accordance with LSSI-EC (Law 34/2002 on information society services and electronic commerce) this service examines all the aspects that companies have to take into consideration to comply with LSSI-EC on their web pages:
    • Conditions for use of the website and privacy policy.
    • Use of Cookies and Metatags.
    • Procedures for online contracts.
    • Copyright over the content of the website.
    • Intellectual and industrial property of the website.