top of page
El trabajo digital
Cubierta de tableta y gafas

GDPR 679/2016

LOPD-GDD 3/2018

prior audit

This analysis is indicated for companies that do not have a previous adaptation or the adaptation to the LOPD-GDD 3/2018 had been initially carried out without regular monitoring or continuity. It is the preliminary study before being able to estimate the necessary effort to adapt it, including Company Policies, Security Policies, Contract Clauses, Legends and all those legal texts whose usual practice  is to "cut and paste "of others incorrectly applying those texts to the real needs of the company.


Advice on Technology Contracts

Technology Contracts

The current need for a very high degree of dependence on Information Technology and its service providers, not only for companies, but also for individuals, is known. A poorly written or poorly oriented contract undoubtedly causes undesirable  damages. At ASTRYA we are used to this type of advice for  contracts for:

Custom development, User licenses, Maintenance, Hosting, Outsourcing,  Service Level Agreement (SLA) Infrastructure as a Service (IaaS), Platforms as a Service (PaaS), Software as a Service (SaaS), Services On demand Service Agreement (OSA) Cloud Computing, etc.

Investigación de negocios

Risk Analysis and Impact Assessment

Risk Analysis 

Regulation (EU) 2016/679, of April 27, 2016 (GDPR), provides in article 35 that the data controller must carry out, before processing, an assessment of the impact of processing operations on data protection when it is likely that a type of treatment entails a high risk for the rights and freedoms of natural persons.

The AEPD has published different Guides to deal with Impact Assessments. At ASTRYA we follow the Privacy Driver method that combines the specifications of the Spanish Agency with the experience of multiple clients.


ISO 27001 and ENS

ISO 27001 ENS Implementation

An ISMS plan (Information System Management system), consists of designing, implementing, and maintaining the entire set of susceptible processes and belonging to the Information System, in such a way that it allows efficient management of information and its relationships with devices. , and thus ensure its integrity, confidentiality and availability on an ongoing basis.

On the other hand, the National Security Scheme is a requirement established by Law 11/2007 of June 22, on electronic access of citizens to Public Services, and regulated by Royal Decree 3/2018, of January 8. The ENS must be implemented by Public Administrations, as well as external companies that provide services to Public Administrations that involve access to information.


IT security


El  Real Decreto 43/2021 ,  desarrolla numerosos aspectos del  Real Decreto-ley 12/2018 _cc781905-5cde-3194-bb3b- 136bad5cf58d_security of networks and information systems. It deals with the main rule referring to cybersecurity issues, ensuring the alignment of Spanish law with the European harmonized framework in accordance with the  Directive 2016/1148  (better known as NIS Directive, acronym corresponding to networks and information systems in English). This recent regulatory development enriches the regulatory framework specifically developed for the field of cybersecurity for those sectors and operators of critical infrastructures.



Data Protection Delegate

Articles 37, 38 and 39 of the RGPD determine the casuistry, functions and responsibilities of the Data Protection Delegate, but especially in our LOPD-GDD art. 34, determines without any doubt who are the ones obliged to have this figure, whose main objective and responsibility is to inform, advise, supervise and cooperate with those responsible so that the processing of personal data is carried out within the framework of legality and with special attention to the Rights of individuals in the field of Data Protection.

The figure of the DPO is decisive for  security and regulatory compliance in public and private companies. A fundamental role that in ASTRYA we have extensive experience and satisfied customers.

bottom of page