The new legislations are increasing the level of liability that companies can incur, not only for their actions, but for the actions of their employees. As a result, new risk management figures are emerging: Compliance, Data Protection, Cybersecurity and Electronic Commerce.

A) CORPORATE COMPLIANCE

Since Act 5/2010 came into effect on December 23, 2010, both national and foreign companies must have effective systems of supervision, control and crime prevention, commonly known as corporate compliance.

Establishing an effective Compliance and Ethics Program, has become a necessity. There are several core components that must exist to have an effective Program. These components are:

  • Corporate Compliance program.
  • Standards and procedures.
  • Code of conduct.
  • Training and education.
  • Risk assessment.
  • Disciplinary measures.

B) DATA PROTECTION

Personal information is an increasingly valuable business asset, and following the 2018 General Data Protection Regulation, in Spain it is mandatory for all companies to implement and comply. We advise on all aspects of compliance with data privacy law, on requirements under the EU Data Protection Directive and the national privacy laws. We design, draft, review and update data protection policies.

  • Data subject access and opposition rights.
  • Data security and data breaches.
  • Employee monitoring.
  • Outsourcing contracts.
  • Security document.

C) E-COMMERCE AND INFORMATION SOCIETY SERVICES

We offer advice on e-commerce and information society services that takes into account the specific regulations applicable to the companies:

  • Compliance with information society services legislation.
  • Unsolicited commercial communications.
  • Use of general conditions in e-contracts.
  • Legal aspects of Web design.
  • Third party liability.

D) CYBERSECURITY

Our specialized lawyers in cybersecurity offer a service for companies related with cyber risks, from prevention and adequacy of the company to subsequent advice following internal failures or external attacks.

  • Training.
  • Risks audit.
  • Drafting of policies and internal documents.
  • Strategy and cybersecurity procedures. Incident response plan.
  • Advise for incidents: examination, identification and legal defense.
  • Contingency plan.

E) MONEY LAUNDERING

Advice and implementation of money laundering prevention.