Public Sector

Last updated:

Both the General Data Protection Regulation (GDPR) and Organic Law 3/2018 of 5 December 2015 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), which complements the GDPR, introduce important changes in terms of the obligations and requirements to be met by controllers in general and public administrations in particular.

The Regulation and the Organic Law consider that the role of data protection officer should provide adequate assistance and supervision to enable the controller and, where applicable, the processor to be in a position to comply with the obligations imposed by that legislation and be able to demonstrate this.

The purpose of this section on the processing carried out by the public authorities is to bring together, in the links below, all the resources available on the AEPD website so that they can be used by controllers, and in particular by the persons assigned to the role of data protection officer and their teams, thereby facilitating the exercise of their work.

General rules governing the processing carried out by public authorities

Guides, reports and documents on the processing of personal data of public authorities

Instructions and reports

Most relevant enquiries through the DPO Channel

Personal data breaches

Relevant resolutions on the treatment of public authorities.

DPO tools and channel

Public administrations sanctioned for failure to respond to requests and for failure to comply with measures