GDPR and LOPDGDD implementation
Design and implementation of a data protection policy tailored to the client's operational reality, whatever their sector: commercial, financial, real estate, healthcare, educational, legal, technology or industrial. Preparation of all documentation required for effective and proportionate compliance.
How we work
Our methodology for this service
Compliance status diagnosis
We carry out an initial analysis of the client's data processing activities, existing documentation and actual compliance status against GDPR and LOPDGDD requirements to identify priority gaps.
Compliance system design
We design the compliance system adapted to the client's actual activity, defining the processing operations, legal bases, security measures, data subject rights and necessary internal procedures.
Documentation preparation
We draft all required documentation: privacy policies, legal notices, data processing agreements, records of processing and internal protocols, ensuring they are clear, complete and up to date.
Training, implementation and ongoing review
We support the client in the practical implementation of the compliance system, train the teams involved and conduct periodic reviews to keep compliance up to date as the business or regulations change.
Who this is for
Companies of any size and sector processing personal data that need to adapt their activity to the GDPR and LOPDGDD. Particularly relevant for entities starting their compliance journey, those that have undergone organisational changes, or those operating in high privacy-sensitivity sectors such as healthcare, finance, technology or education.
Discover more by sector
Why MES Legal?
- Specialist lawyers with proven expertise in each practice area
- Offices in Barcelona and Madrid with national coverage throughout Spain
- Results-oriented, practical approach with clear risk management
- Direct professional relationship — no large-firm layers or intermediaries
Other services in this area
-
Privacy legal and contractual documentation
Drafting and review of data processing agreements, information notices, privacy policies, legal disclaimers, internal protocols and other legal and organisational documents required for the client's activity.
-
Records of Processing Activities (RoPA)
Preparation, review and ongoing maintenance of the Records of Processing Activities, ensuring it accurately reflects the processing carried out by the entity and remains aligned with the evolution of its operations and regulatory obligations.
-
Risk analysis and Data Protection Impact Assessments (DPIA)
Audits, risk analyses and Data Protection Impact Assessments for processing operations that may significantly affect individuals' rights and freedoms. Identification of vulnerabilities and corrective measures to anticipate contingencies and strengthen compliance.
-
Security measures and organisational compliance
Implementation of the technical, organisational and legal measures necessary to ensure data confidentiality, integrity and availability, together with the definition of internal protocols, incident management policies and control and supervision mechanisms.