Artificial intelligence and data protection
Advice on the use of artificial intelligence systems and automated information processing technologies: privacy impact assessment, algorithmic transparency, security and regulatory compliance. Integration of technological innovation with a solid and responsible legal foundation.
How we work
Our methodology for this service
AI system and risk analysis
We analyse the client's artificial intelligence or automated processing system — type, data involved, impact on individuals — to assess privacy risks and applicable regulatory compliance.
Privacy impact assessment (PIA)
We conduct a privacy impact assessment specific to the AI system, identifying high-risk processing, necessary mitigation measures and required documentation.
Adaptation to the EU AI Act
We advise on the obligations of the EU AI Act — risk classification, transparency requirements, technical documentation — and support adaptation of the system to ensure compliance.
Data governance and algorithmic ethics
We design governance frameworks for the responsible use of AI, addressing algorithmic transparency, non-discrimination, explainability and the rights of those affected by automated decisions.
Who this is for
Companies developing or implementing artificial intelligence solutions, technology startups creating automation or machine learning systems with impact on individuals, and organisations in regulated sectors such as finance, healthcare or HR that use AI in their decision-making processes.
Discover more by sector
Why MES Legal?
- Specialist lawyers with proven expertise in each practice area
- Offices in Barcelona and Madrid with national coverage throughout Spain
- Results-oriented, practical approach with clear risk management
- Direct professional relationship — no large-firm layers or intermediaries
Other services in this area
-
GDPR and LOPDGDD implementation
Design and implementation of a data protection policy tailored to the client's operational reality, whatever their sector: commercial, financial, real estate, healthcare, educational, legal, technology or industrial. Preparation of all documentation required for effective and proportionate compliance.
-
Privacy legal and contractual documentation
Drafting and review of data processing agreements, information notices, privacy policies, legal disclaimers, internal protocols and other legal and organisational documents required for the client's activity.
-
Records of Processing Activities (RoPA)
Preparation, review and ongoing maintenance of the Records of Processing Activities, ensuring it accurately reflects the processing carried out by the entity and remains aligned with the evolution of its operations and regulatory obligations.
-
Risk analysis and Data Protection Impact Assessments (DPIA)
Audits, risk analyses and Data Protection Impact Assessments for processing operations that may significantly affect individuals' rights and freedoms. Identification of vulnerabilities and corrective measures to anticipate contingencies and strengthen compliance.