What are the GDPR and the LOPD, and who is required to comply with them?

The GDPR (General Data Protection Regulation) is the current European regulation on the protection of personal data, mandatory since May 25, 2018, in all member states of the European Union. Its purpose is to regulate the processing of personal data and define the rights that citizens have over their data, as well as the obligations of those who process it. The LOPDGDD (Organic Law on Data Protection and Guarantee of Digital Rights) is the current Spanish legislation on data protection, in force since December 2018, which repealed the former Organic Law 15/1999 (LOPD) in force since 1999. Its objective is to adapt Spanish legislation to the new European Regulation (GDPR).

Any company or professional that processes personal data, whether data of clients, employees, or any other person, is obliged to comply with it.

Companies, the self-employed, associations, foundations, public administrations, clubs, and communities process personal data for their ordinary management and therefore have a duty to comply with this regulation.

What does Soft Line offer?

At Soft Line, we offer a comprehensive service to help your company comply with this legal requirement. We handle the entire adaptation process to this regulation, including the administrative, technical, and organizational aspects, and we advise you on any questions or issues that may arise.

Our Data Protection compliance service includes:

Initial Audit and Evaluation

Initial Audit for Information Gathering

Detailed review and analysis of the company's current GDPR compliance status, gathering the necessary information to begin the adaptation process.

Risk Analysis

Assessment of the risks associated with the processing of personal data, according to the sensitivity of the data, the operations performed, and the systems used.

Documentation and Contracts

Preparation of Staff Commitment Documents

Documents designed to raise awareness and engage staff in fulfilling their duty of confidentiality and proper data management.

Preparation of Data Processing Agreements

Drafting of agreements between data controllers and processors in accordance with Article 28 of the GDPR.

Generation of the Record of Processing Activities and Security Document

A mandatory document for all companies that process personal data, detailing the processing activities carried out, security measures, purposes, and legal bases.

Templates and Informative Clauses

Creation of templates or informational notices for data collection

Texts adapted for physical or digital forms that inform the user about the use of their data.

Insertion of consent request notices in data collection

Textual elements to ensure that the consent obtained is freely given, specific, informed, and unambiguous.

Insertion or creation of informational notices for quotes, delivery notes, and invoices

Legal texts to be included in commercial documents that may involve the processing of personal data.

Insertion of informational notices in email footers, or creation of corporate signatures

Mandatory legal texts that must accompany electronic communications.

Insertion of informational summaries into other documents provided by the client

Adaptation of informational texts into any type of corporate document that involves data processing.

Creation of video surveillance signs (if such a system is in place)

Design of GDPR-compliant informational signs required in areas under video surveillance.

Website Adaptation

Website Privacy Policy Creation

Customized drafting in compliance with current regulations, explaining how visitor data is processed.

Website Cookie Policy Creation

Legally required text informing users about the use of cookies, including acceptance and configuration mechanisms.

Training

Basic training on best practices in the processing of personal data

Sessions aimed at staff to ensure the correct application of the GDPR in daily operations, including key concepts, common mistakes, and responsibilities.

Technical Audit of the System

Computer System Audit

  • User Passwords, Permissions, and Access
  • Security Software (Antivirus/Antimalware)
  • Backups: Location, Frequency, and Custody

System Audit and Document Destruction Policy

Review of how physical and digital documents are disposed of, to ensure secure disposal and regulatory compliance.

Maintenance and Certification

Maintenance and control audits (if annual maintenance is contracted)

Ongoing compliance review, document updates, and support in case of any incident or inspection.

Issuance of a Certificate of Compliance

Document certifying that the company has been audited and adapted to current data protection regulations.