BROSETA’s Privacy, IT and Digital Environments team has in-depth knowledge and extensive experience in Personal Data Protection Law, in the area of advising on the obligations and rights of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights, which adapts to Spanish domestic law the General Data Protection Regulations applicable since May 2018, as well as everything related to the former Organic Law 15/1999, of 13 December and its regulatory development, in the activities for which it remains in force.

The transversal nature of the regulations has led the professionals at BROSETA to acquire an in-depth knowledge of the regulations in a general manner and in relation to the different sectors of application, highlighting in this sense the financial and insurance sectors; Healthcare, Pharmaceuticals and Biotechnology; Automotive and Transport; Advertising and Online Marketing; Leisure and Tourism; Telecommunications and FMCG, among others.

Among the work carried out by BROSETA in this area is:

• Adaptation to the RGPD and the LOPDGDD.
• Assistance in security breaches, including notifications to the regulatory authority and, where appropriate, to those affected. Analysis of “risk” or “high risk” concurrence.
• Review and preparation of clauses, privacy policies and legal texts for the collection and processing of personal data.
• Preparation of reports on the existence of a prevailing legitimate interest.
• Assistance in the case of exercising rights of access, opposition, deletion, forgetting, limitation of processing and portability.
• Issuance of opinions regarding the content of the RGPD and the LOPDGDD.
• Analysis of risks derived from the processing, preparation of recommendations of adaptation to the regulation and, if necessary, carrying out Impact Assessments from the legal perspective.
• Analysis of the obligatory/suitable designation of the Data Protection Officers and assumption of the tasks and functions that correspond to them.
• Drafting and reviewing contracts with special data protection implications and participating in Due Diligence processes and negotiations in closing transactions.
• Preparation of protocols for the hiring of data processing officers, security breaches or determination of the need to carry out an impact assessment .
• Assistance and support in the preparation, implementation and/or updating of the Activities Register.
• Determination of the regime for transfers to third countries and determination of the mechanisms for their adaptation to the RGPD.
• Assistance, representation and defence in all types of proceedings before the Spanish Data Protection Agency.
• Preparation of sectoral Codes of Conduct.