
Alston & Bird Privacy, Cyber & Data Strategy Blog


Spanish DPA Issues GDPR Guidelines

January 30, 2017 By Privacy, Cyber & Data Strategy Team

On January 26, 2017, the Spanish data protection authority (“AEPD”) published three guidance papers on the implementation of the General Data Protection Regulation (“GDPR”). Although the guidance is primarily directed at small and medium-sized companies, it gives a snapshot of how the AEPD reads the GDPR and is thus relevant for all companies with operations in Spain.

  • GDPR Guide for Controllers: the guide summarizes the requirements of the GDPR while providing practical recommendations on how to implement them. The guide also contains a questionnaire to help controllers make a self-assessment of their privacy practices in light of the GDPR.
  • Guide on the Privacy Notices: the guide summarizes the requirements of the GDPR and provides practical recommendations as to how notices should be delivered to individuals, including through which specific means and channels. Importantly, the AEPD recommends a layered approach to information notices whereby basic information is provided in a table format which is immediately visible to individuals, and detailed information is provided in a second layer. The AEPD invites companies to review their notices and procedures as of now, and in any case before the GDPR fully applies in May 2018.
  • Guidelines for Contracts between Controllers and Processors: the guidelines describe the requirements of the GDPR with respect to vendor management and provide a list of provisions which should be part of a data processing agreement. An annex to the guidelines contains model clauses which companies may use in situations where the processor processes the controller’s personal data exclusively in its own premises and systems.

The AEPD’s press release is available here.

Alston & Bird is closely following EU and local guidance on the GDPR and is advising companies on how to comply with the GDPR requirements. For more information, contact Jim Harvey or David Keating.

Filed Under: Data Protection, GDPR, Privacy, Regulation, Uncategorized Tagged With: EU Data Protection, EU Privacy, EU Regulation, European Union (EU), GDPR Implementation, Spanish Data Protection
