Privacy legal and contractual documentation
Drafting and review of data processing agreements, information notices, privacy policies, legal disclaimers, internal protocols and other legal and organisational documents required for the client's activity.
How we work
Our methodology for this service
Existing documentation audit
We review the client's current privacy documentation to identify gaps, outdated clauses, inconsistencies between documents and omissions that may generate compliance risks.
Drafting contracts and clauses
We draft data processing agreements, joint controller agreements and information clauses adapted to each relationship — customer, supplier, employee, user — with the technical precision the regulations demand.
Policies, notices and internal protocols
We draft privacy policies, legal notices, cookie policies, security breach management protocols and other internal documents that frame the organisation's regulatory compliance.
Periodic review and updating
We periodically review and update all documentation to ensure it reflects changes in the client's activity, applicable regulations and supervisory authority criteria.
Who this is for
Companies needing to update or complete their privacy documentation, organisations that have identified gaps in their contracts or legal notices, and any entity wanting to ensure their privacy documents rigorously meet GDPR and LOPDGDD requirements.
Discover more by sector
Why MES Legal?
- Specialist lawyers with proven expertise in each practice area
- Offices in Barcelona and Madrid with national coverage throughout Spain
- Results-oriented, practical approach with clear risk management
- Direct professional relationship — no large-firm layers or intermediaries
Other services in this area
-
GDPR and LOPDGDD implementation
Design and implementation of a data protection policy tailored to the client's operational reality, whatever their sector: commercial, financial, real estate, healthcare, educational, legal, technology or industrial. Preparation of all documentation required for effective and proportionate compliance.
-
Records of Processing Activities (RoPA)
Preparation, review and ongoing maintenance of the Records of Processing Activities, ensuring it accurately reflects the processing carried out by the entity and remains aligned with the evolution of its operations and regulatory obligations.
-
Risk analysis and Data Protection Impact Assessments (DPIA)
Audits, risk analyses and Data Protection Impact Assessments for processing operations that may significantly affect individuals' rights and freedoms. Identification of vulnerabilities and corrective measures to anticipate contingencies and strengthen compliance.
-
Security measures and organisational compliance
Implementation of the technical, organisational and legal measures necessary to ensure data confidentiality, integrity and availability, together with the definition of internal protocols, incident management policies and control and supervision mechanisms.