Data Protection LOPD Consulting

Complies with the Data Protection Law

Online LOPD / GDPR solutions for your company

Comprehensive service of LOPD consulting Y GDPR adequacy for your business. It complies with the regulations in the most efficient and economical possible with a totally tailored solution of the reality of your company.


Whether you are an SME or a large company


Agile software with minimal dedication time


We accompany you throughout the process

Data Protection LOPD Consulting

GDPR expert consulting

We analyze and advise you on the treatment in terms of Data Protection that is being done in your company.

With our feedback, you will know if you are complying with the law or if you need to make changes.

GDPR data protection law compliance

Your company may be applying the LOPD correctly, but does it comply with European regulations (GDPR)?

Get out of doubt with our GDPR adaptation service , focused on complying with European law.

What is the LOPD?

What is the LOPD?

Since December 2018, the Spanish Law on Protection of Personal Data and guarantee of digital rights (LOPD) has been in force. The changes introduced by this law affect the majority of Spanish companies (small, medium and large).

LOPD makes it easier for citizens to exercise their rights of access, rectification, limitation of treatment, deletion, portability and opposition to the processing of your data.

It is also regulated how it should be reported to people about the processing of their data and entails a set of obligations for both those responsible and those in charge of the treatment.

All companies have the obligation to safeguard and control access to personal data contained in automated files.

What are the obligations of the Spanish data protection law?

To comply with the Organic Law on Data Protection we must:


Register the treatments performed.


Obtain consent expressly and through positive action.


Provide more information about the data processing (legal basis, maximum time of data conservation, identity of the Data Protection Officer, existence of automated decisions, international transfers ...).


Guarantee the exercise of the rights of access, rectification, deletion (right to be forgotten), limitation, portability, and opposition.


Update the privacy notices of the web to adapt them to both GDPR and Spanish data protection law, and be prepared to include them in contracts and forms.

What are the obligations of the Spanish data protection law?

In addition, we must enter into written contracts between those in charge of the treatment and those responsible, including the instructions from the person in charge to the person in charge in relation to security measures, the subcontracting regime, confidentiality and the destination of the data once the service has been provided.

What are the penalties for breaching the LOPD?

The sanctioning regime of the LOPD GDD maintains the classification of the old LOPD 15/1999, distinguishing between very serious, serious and mild, according to the degree of affectation of the data.

To apply one or another sanction too circumstances will be taken into account such as the continued nature of the offense, the link between the activity of the offender and the treatment, the effect on the rights of minors, etc.

Penalties of 300,000 to 600,000 euros

Those that suppose a substantial violation of the treatment and have to do with the use of the data for a purpose other than the one announced, the omission of the duty to inform the affected party, the requirement of a payment to be able to access the stored data or the international transfer of information without guarantees among others.

Penalties of 60,000 to 300,000 euros

Those that suppose a substantial violation of the treatment and have to do with data of a minor collected without consent, lack of adoption of technical and organizational measures necessary for the effective protection of data or, for example, the breach of the obligation to appoint the person responsible or data controller.

Penalties of 600 to 60,000 euros

The rest that are not included in the previous groups.

Do you need personalized advice?

Tell us about your company's current situation and legal doubts you may have. We will call you and analyze your case to assess whether your company has any compliance issues.

What is our LOPD consulting service?

Comprehensive analysis of the needs of your company

Personalized study of the types of data, systems, procedures and organization to determine the use, typology and scope of data processing what your company should do.

Execution of technical and organizational obligations

We propose solutions and take care of their implementation so that the company fulfill your obligations before the law: registration of treatment activities, review of clauses and contracts, review of procedures …

Assessment to determine if the figure of the DPO is necessary

Our legal compliance experts will determine if your company should designate a Data Protection Officer (DPO) . In that case, we will take care of all the administrative procedures before the AEPD.

Annual monitoring and security audit every 2 years

You will have at your disposal an Edorteam consultant for any query or report incidents. On a biannual basis, we will carry out an GDPR audit , to verify that your company continues to comply with the law.

Includes LOPD Online management software

LOPD Online is a cloud management platform from where you will manage all the documentation regarding the protection of your company’s data:

Featured features


Manage the Security Document


Generate confidentiality agreements and other contracts


Quickly report about security issues


Always keep the record of I / O media up to date

Advantages for your business

100% online service, documentation always updated and available


Direct communication with your Edorteam GDPR expert consultant

Regular audits and training by our specialists


The comfort of being GDPR compliant

Differences between LOPD and GDPR


Organic Law on Data Protection (LOPD)

It is the law that regulates Personal Data Protection in Spain, and affects all companies, since to a greater or lesser extent, they all store personal information.

A company will face penalties from € 900 to € 600,000 in case of non-compliance.


General Data Protection Regulation (GDPR)

Normative european approved with the aim of unifying all its member states in matters of Data Protection.

Although our country has its own legislation (the LOPD), the GDPR should also be taken as a reference standard while a new LOPD that takes into consideration the GDPR is not approved.

If you want more information about GDPR, click on the following link.

Differences between LOPD and GDPR

In accordance with LOPD and GDPR, all companies must maintain basic procedures that ensure the protection of personal data contained in automated files , for example:

  • Data of your customers, employees and suppliers
  • Lists to carry out marketing campaigns
It continues to comply with the LOPD, also in the case of teleworking

It continues to comply with the LOPD, also in the case of teleworking

Did you know that in October 2020 the Royal Decree-Law on remote work (RD 28/2020)?

As a fundamental point, it is established that working from home the same protection measures must be applied of data and information security than in the office, under risk of breaking the LOPD. With cloud or remote desktop solutions, you have to avoid applications that do not offer guarantees and may give rise to the exposure of personal data of workers, clients and other private information.

With the advice of our legal consulting department, with more than 25 years of experience, we guarantee that your company will comply with the obligations established in the LOPD and GDPR. We adapt to the reality of your business.

Is your company complying with the Telework Law?

The Royal Decree-Law on remote work entered into force in October 2020.

Download our e-book and discover what measures you should apply in terms of data protection and information security.

Avoid these and other sanctions with a Compliance plan

A security breach in personal data stored, either involuntary or caused by one of your workers, will be a reason for harsh penalties to your company.

Having a Compliance program can avoid this.