Is sensitive data the same as personal data? No, sensitive data, or sensitive personal data, has more stringent requirements that must be met in order for your organisation to be able to process it. The requirements for processing personal data are different, and we’ll go into this in more depth later, as well as personal … Read more


The new European General Data Protection Regulation (GDPR), which requires mandatory compliance from 25 May 2018 includes numerous obligations and novelties. The new GDPR removes the obligation to notify the Spanish Data Protection Agency (AEPD) about the files. Instead, an obligation to maintain a Record of Processing Activities is established in certain cases. What is … Read more

The new European General Data Protection Regulation (GDPR) establishes new obligations for companies that provide a free or paid WiFi network to their customers. With the GDPR implementation, this activity is considered as processing of personal data, so it is necessary to comply with the obligations required by the regulation. From now on it will … Read more

Recently, the Spanish Data Protection Agency (AEPD) has published a sanctioning resolution against a gym based on denunciation of a customer for using access control system with a fingerprint. More specifically, the denouncer indicated that the use of this access control system “is a disproportionate means in the collection of data and that the document … Read more

The General Data Protection Regulation (GDPR) establishes new guidelines about the consent of minors in the processing of their personal data in order to increase the privacy of information. The data of minors are not considered sensitive data, but they are given special protection in the section 38 of the European Regulation 2016/679. The European … Read more