{"id":6396,"date":"2020-12-28T13:35:28","date_gmt":"2020-12-28T12:35:28","guid":{"rendered":"https:\/\/edorteam.com\/consultancy-of-adaptation-to-the-rgpd\/"},"modified":"2026-05-04T17:32:29","modified_gmt":"2026-05-04T15:32:29","slug":"consultancy-of-adaptation-to-the-rgpd","status":"publish","type":"page","link":"https:\/\/nova.edorteam.com\/en\/consultancy-of-adaptation-to-the-rgpd\/","title":{"rendered":"GDPR consulting for companies and SMEs"},"content":{"rendered":"

Leave GDPR consulting in our hands<\/h2>\n<\/div><\/div>

Complete GDPR \/ LOPD consulting<\/strong> solution for your business. It complies with the regulations in the most efficient and economical<\/strong> possible with a totally tailored solution<\/strong> of the reality of your company.<\/p>\n<\/div><\/div>

Company obligations<\/a><\/div>
Budget for SMEs and large companies<\/a><\/div><\/div>
<\/div><\/div><\/div>
\"Is<\/span><\/div>

LOPD is Spanish data protection law, while GDPR is the European law. Both must be applied in Spain, until LOPD update that includes new GDPR features is published.<\/h3>\n<\/div><\/div>
<\/div><\/div><\/div>

Is my company obliged to comply with the GDPR?<\/h2>\n

The GDPR has been mandatory since May 25, 2018, and applies to the total or partial processing of personal data by controllers or processors established in the EU<\/strong>, as well as those not established in the EU, if they carry out processing intended for EU citizens.<\/p>\n

Spanish companies that process personal data are obliged to<\/strong> comply with this new regulation and must correctly adapt to the new features and obligations it establishes.<\/p>\n

Although a Data Protection<\/strong> Law already existed in Spain, the GDPR introduces some new obligations and, therefore, both regulations must now be applied.<\/p>\n

Our experience with clients who handle highly protected<\/strong> data allows us to offer the best and most complete solution to easily adapt to current legislation.<\/p>\n<\/div><\/div><\/div><\/div><\/div>

Adaptation to the GDPR data protection regulations: what is it?<\/h2>\n<\/div><\/div><\/div><\/div>

You get customized solutions for your company and professional activity<\/h3>\n

\u2714 Privacy policies.
\u2714 Updated data processing records.
\u2714 Correct management of social networks and website: publication of images, minors, legal texts, cookie policy...
\u2714 Administrative adaptation: emails, invoices, delivery notes, SEPA orders, contracts, correct WhatsApp management, and more!
\u2714 HR management: confidentiality agreements and other documents for your employees.
\u2714 Video surveillance and geolocation: posters and protocols for the correct management of video surveillance and geolocation.
\u2714 Attention to customer rights: clear and efficient protocols.
\u2714 Confidentiality agreements with collaborators and suppliers.
\u2714 Legal advice on data protection: continuous and specialized support in all phases of the process.<\/p>\n<\/div><\/div><\/div><\/div>

You get access to a cloud management platform<\/h3>\n

Our data protection service includes access to a cloud application from where you can manage the Record of Processing Activities<\/strong> and keep all legal documentation always up to date. These are the main functions that can be performed from the application: <\/p>\n<\/div><\/div><\/div><\/div>

i<\/span><\/span><\/div>

Consult and download the Record of Processing Activities<\/h3><\/div><\/div><\/div><\/div>
+<\/span><\/span><\/div>

Manage ARCO-POL rights<\/h3><\/div><\/div><\/div><\/div>
~<\/span><\/span><\/div>

Generate confidentiality agreements and other contracts<\/h3><\/div><\/div><\/div><\/div>
s<\/span><\/span><\/div>

Register security incidents quickly<\/h3><\/div><\/div><\/div><\/div>
Z<\/span><\/span><\/div>

Keep the I\/O media registry up to date<\/h3><\/div><\/div><\/div><\/div><\/div>

Assessment to determine if the figure of the DPO is necessary<\/h3>\n

The Data Protection Officer (DPO) is a specialist in Data Protection,<\/strong> usually with a law degree, whose function is to guarantee compliance with the regulations.<\/p>\n

Our legal compliance experts will determine if your company should appoint a Data Protection Officer (DPO). In that case, Edorteam will be your external DPO<\/strong> to carry out information, coordination and supervision tasks of the company's data protection policy, ensuring compliance at all times.<\/p>\n<\/div><\/div><\/div><\/div>

Adapting to the GDPR without applying technical security measures is useless<\/strong><\/h3>\n

During the data protection audit, the technical security measures<\/strong> implemented by the organization will also be evaluated. If deficiencies or improvable aspects are detected in the computer network, this will be stated in the audit indicating its level of priority. <\/p>\n

During the data protection audit, the technical security measures<\/strong> implemented by the organization will also be evaluated. If deficiencies or improvable aspects are detected in the computer network, this will be stated in the audit indicating its level of priority. <\/p>\n

The Edorteam computer systems department will be at the company's disposal to guide, advise and implement the technical measures necessary to guarantee the organization's regulatory compliance,<\/strong> both software and hardware. The implementation service will always be carried out under prior budget and is not included in this economic proposal. <\/p>\n<\/div><\/div><\/div><\/div><\/div>

<\/div>

Advantages and benefits of complying with the GDPR<\/p>\n<\/div><\/div><\/div>

R<\/span><\/span><\/div>

Avoid fines and sanctions that would jeopardize your business<\/h3><\/div><\/div><\/div><\/div>
v<\/span><\/span><\/div>

Direct communication with your expert data protection consultant at Edorteam<\/h3><\/div><\/div><\/div><\/div>
\ue022<\/span><\/span><\/div>

Regular audits and training by our specialists<\/h3><\/div><\/div><\/div><\/div>
\ue003<\/span><\/span><\/div>

If you wish, we can carry out the service 100% online, with documentation always updated and available.<\/h3><\/div><\/div><\/div><\/div><\/div><\/div>
\"Keys<\/span><\/div><\/div>

Keys about GDPR regulation and its compliance<\/h2>\n

Below, you will find a selection about the most important GDPR articles and what we propose to fulfill your obligations.<\/p>\n<\/div><\/div><\/div><\/div>

Article 7<\/h3>

Consent obtained<\/strong> prior to the date of application of the European Regulation (25\/05\/2018) will only remain valid if it has been obtained in compliance with the criteria set out in the Regulation itself (free, informed, specific and unambiguous).<\/p>\n<\/div><\/div><\/div><\/div>

Edorteam's solution<\/h3>

Change of consents and revision of contracts on behalf of third parties and data processors to adapt them to the new regulations.<\/p>\n<\/div><\/div><\/div><\/div><\/div>

Article 28<\/h3>

Contract with data processors<\/strong> that have adhered to data protection compliant certifications, mechanisms or codes of conduct.<\/p>\n<\/div><\/div><\/div><\/div>

Edorteam's solution<\/h3>

Creation of codes of conduct specialised in data protection regulations.<\/p>\n<\/div><\/div><\/div><\/div><\/div>

Article 31.1.d<\/h3>

Regular verification, evaluation and assessment of the effectiveness of technical and organisational measures to ensure data protection security.<\/p>\n<\/div><\/div><\/div><\/div>

Edorteam's solution<\/h3>

Carrying out audits to verify security measures compliance.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div>

Articles 30 and 32<\/h3>

Management and administration of users, control of equipment and maintenance of an activity log<\/strong>.<\/p>\n

Set up of data recovery systems and regular backups<\/strong> of equipment.<\/p>\n<\/div><\/div><\/div><\/div>

Edorteam's solution<\/h3>

Setup the IT equipment with ET Seguridad and ET Backup software, if other solutions with same features are not available.<\/p>\n<\/div><\/div><\/div><\/div><\/div>

Article 32.2<\/h3>

Assessment of the risks<\/strong> presented by data processing, in particular as a result of accidental or unlawful destruction, loss or alteration of data, or unauthorized disclosure of or access to such data.<\/p>\n<\/div><\/div><\/div><\/div>

Edorteam's solution<\/h3>

Study and implementation of risk assessments in treatments by means of evaluations from a personalised point of view, taking into account the different specifications.<\/p>\n<\/div><\/div><\/div><\/div><\/div>

Article 34<\/h3>

Obligation on companies to report any leakage of personal data within 72 hours<\/strong>.<\/p>\n<\/div><\/div><\/div><\/div>

Edorteam's solution<\/h3>

Preventive folders and documents encryption with ET Encrypt or similar software. The use of encryption on personal information removes the obligation to notify those affected that a security breach has occurred.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div>

What are the penalties for GDPR non-compliance?<\/h2>\n

As one of the key new features, GDPR strengthens the penalty regime<\/strong>, establishing fines of up to 4% of the company's global turnover or 20 million euros, with the higher of the two amounts being applied as a fine.<\/p>\n<\/div><\/div>

Fines can reach 20 million euros or 4% of the company's global turnover, whichever is higher.<\/h3>\n<\/div><\/div>
<\/div><\/div><\/div>
\"What<\/span><\/div><\/div><\/div><\/div>

What's new in the GDPR compared to the LOPD?<\/h2>\n<\/div><\/div>

Specific consent<\/h3>

Consent must be free, informed, specific and unambiguous. The requirement of consent is reinforced by an unequivocal manifestation or a positive action, and cannot be inferred from silence or inaction. This establishes the obligation to have consent registration systems so that verification is possible in the event of an audit.<\/p>\n<\/div><\/div>

Specially protected data<\/h3>

Consent shall be explicit for the processing of sensitive data.<\/p>\n

Specially protected or sensitive data:<\/p>\n