Our practices, focused on compliance.
Strategy, GDPR and compliance. One firm for the three fronts.
Data Protection & GDPR
12 services
Outsourced DPO in Burgos
Delegado de Protección de Datos externo en Burgos: designación ante la AEPD, canal de brecha en 24h y un interlocutor fijo que conoce tu sector, no una centralita nacional.
View details Outsourced DPO in PalenciaDelegado de Protección de Datos externo en Palencia: designación ante la AEPD, canal de brecha en 24h y atención presencial periódica en la provincia.
View details Outsourced DPO in LeónDelegado de Protección de Datos externo en León: designación ante la AEPD, canal de brecha en 24h y desplazamiento periódico a la capital, el Bierzo, La Bañeza y Sahagún.
View details Outsourced DPO in SalamancaDelegado de Protección de Datos externo en Salamanca: designación ante la AEPD, canal de brecha en 24h y atención presencial y remota desde nuestra sede en Castilla y León.
View details Outsourced DPO in Las PalmasDelegado de Protección de Datos externo en Las Palmas de Gran Canaria: designación ante la AEPD, canal de brecha en 24h y única presencia física del silo de protección de datos del grupo en Canarias.
View details Outsourced DPO in TenerifeDelegado de Protección de Datos externo en Tenerife: designación ante la AEPD, canal de brecha en 24h y atención remota y presencial desde nuestra oficina en Las Palmas de Gran Canaria.
View details DPO for public administrationsDPO externo para ayuntamientos, mancomunidades y organismos públicos: designación obligatoria sin excepción por el artículo 37.1.a del RGPD, con la fórmula del delegado compartido cuando el municipio lo necesita.
View details External DPO in ValladolidExternal Data Protection Officer in Valladolid: AEPD registration, breach channel within 24h and in-person support from our office at Fray Luis de León 3.
View details Consultoría RGPD y LOPDGDDGDPR and LOPDGDD adequacy for SMEs: records of processing, processor agreements, breaches and training. Real compliance, not templates.
View details Outsourced DPOWe take on the external DPO role with our own verticals in healthcare, education, religious sector, associations and local government. Breach response in under 24 hours, a real channel (not a generic email) and annual training.
View details Data subject rightsOperational procedure for handling ARCO rights requests: official channel, requester verification, a reasoned response within one month and documentary records under Article 12 GDPR.
View details Data breachesResponse protocol for GDPR security breaches: notification to the AEPD within 72 hours, communication to those affected and documentary records without delay or omissions.
View details CCTV & GDPRWe bring your CCTV system into line with GDPR and LOPDGDD: information notices, retention periods, workplace cameras and a breach protocol.
View details GDPR for advisory firms and law officesGDPR adequacy for advisory firms, tax and legal practices: processor agreements, dual-track records of processing and security measures for those handling third-party data daily.
View details GDPR for homeowner associationsGDPR adequacy for homeowner associations: CCTV in common areas, publication of defaulters under the LOPDGDD and a processor agreement with the property manager.
View details Education GDPRWe protect your students' and families' data so you can innovate in the classroom without legal risk.
View details GDPR for gyms and fitness centersComprehensive GDPR adequacy for gyms and fitness centres: access biometrics, mandatory DPIA, a non-biometric alternative, health data and CCTV, with support from Summum Consultoría.
View details GDPR for hospitalityGDPR adequacy for hospitality businesses: bookings, guest registration, CCTV and loyalty programmes for restaurants, hotels and tourist accommodation.
View details GDPR for real estate agenciesGDPR adequacy for real estate agencies: engagement letters, CRM, data transfers between parties and commercial communications compliant with the LSSI, with expert support across Castilla y León and the Canary Islands.
View details Healthcare GDPRTailored GDPR compliance for clinics and healthcare centres: documentation, protocols and an external DPO without disrupting patient care.
View detailsGDPR Near You (Local Offices)
7 services
Data protection in Burgos
Data protection support for companies and SMEs in Burgos and Castilla y León: GDPR adequacy, outsourced DPO and incident management with local presence and ongoing support.
View details Data protection in Las PalmasGDPR consulting in Las Palmas de Gran Canaria: support with regulatory adequacy, outsourced DPO and data protection for Canary Island companies, with remote support and occasional on-site visits.
View details Data protection in LeonData protection consulting in León: we support SMEs and freelancers in León with GDPR and LOPDGDD adequacy, with periodic in-person support and permanent remote support.
View details Data protection in PalenciaData protection consulting in Palencia: GDPR adequacy, outsourced DPO and support for the Palencia business community, with in-person and remote support.
View details Data protection in SalamancaData protection support for SMEs, practices and clinics in Salamanca: GDPR and LOPDGDD adequacy with in-person and remote support from Castilla y León.
View details Data protection in TenerifeExpert data protection support for companies and institutions in Tenerife: GDPR adequacy, outsourced DPO and ongoing privacy management from the Canary Islands.
View details Data protection in ValladolidData protection consulting in Valladolid: GDPR adequacy, outsourced DPO and in-person or remote support for SMEs and organisations in Castilla y León.
View detailsRegulatory Compliance & Cybersecurity
6 services
EU AI Act compliance
The AI Act comes into full force on 2 August 2026 for high-risk systems. We take you to compliance without waiting for a penalty. Consultoría + IA + Calidad cluster.
View details NIS2 · DORAWe coordinate the regulatory and procedural side of NIS2 and DORA; we work directly with Summum Sistemas on the technical side.
View details ENS (Spanish public-sector security)Alignment with updated RD 311/2022 across its three categories (Basic, Medium, High). Can be combined with ENS for AI systems.
View details Criminal compliance · UNE 19601Criminal risk map, code of ethics, whistleblowing channel compliant with Law 2/2023 and an operational compliance committee.
View details Whistleblowing channelWhistleblowing channel compliant with Ley 2/2023: full implementation, no unnecessary red tape, ready for the AIPI.
View details AML complianceWe implement your AML/CFT system so that SEPBLAC finds order, not gaps.
View detailsStrategy & Corporate Governance
5 services
Strategy & transformation
3-year vision, explicit business model, growth levers. Regulation is embedded in the plan, not appended at the end.
View details Corporate governanceGive your company real structure: an operational board, board secretariat and bylaws that open doors to investors and major clients.
View details Data governanceOnce GDPR compliance matures, governance follows: a data owner per asset, measured data quality, a retention policy and a single catalogue.
View details Dirección interina e interim managementInterim management for SMEs in transition: an experienced executive leading finance, operations or transformation, for exactly the time needed.
View details M&A advisory para pymesM&A advisory for SME buy-outs and sell-outs: valuation, due diligence and support through negotiation to closing.
View detailsSpecialized Legal & Regulatory Advisory
6 services
Public tenders