The AEPD (Spanish Data Protection Authority) has among its objectives to promote and disseminate knowledge about the privacy risks that arise with the development of new services, applications and with technological evolution and how to manage them with sustainable solutions from the point of view of the rights and freedoms of citizens, as well as presenting useful tools to facilitate the regulatory adaptation to SMEs and entrepeneurs.
Innovation and Technology
Guidelines, reports and technical surveys
In this section you can find documents developed by the AEPD (guidelines, reports, surveys, ...) designed to disseminate knowledge among controllers, processors and those interested parties in data protection.
- K-anonymity as a privacy measure [jun 2019]
- Guide on personal data breach management and notification [jun 2018]
- Guide on drones and data protection [may 2019]
Internet and mobile systems
- Access to applications on the screen for Android devices [may 2019]
- User controls for ad personalisation on Android [may 2019]
- Survey about preinstalled apps in Android and privacy risks [mar 2019]
- Analysis of information flows in Android. Tools for compliance with accountability [mar 2019]
- Survey on Device Fingerprinting [feb 2019]
Tools for controllers
The AEPD has developed tools and help material to assist with compliance with general data protection regulation for small businesses, entrepreneurs and developers, and other types of controllers.
- Tool to help compliance with RGPD for entities that carry out low risk processing activities
- Tool to carry out risk analysis and privacy impact assessment
- Template for Data Protection Impact Assessment for Public Administrations
In any case, controllers and processors should not forget to verify that they comply with all the requirements and obligations that guarantee compliance with GDPR and national rules on data protection.
Collaborations and Tecnological Awards
Emilio Aced Personal Data Protection Research Award
Ángela Ruiz Entrepreneurship in Protection of Personal Data Award
Links to documents of interest
This section includes a collection of links to documents and surveys of interest published by other entities and organizations, national and international.
- ART.29 WP: Statement of the WP29 on encryption and their impact on the protection of individuals with regard to the processing of their personal data in the EU [april 2019]
- ART.29 WP: Guidelines on Personal data breach notification under Regulation 2016/679 [feb 2018]
- ART.29 WP: Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 [april 2017]
- ART.29 WP: Guidelines on the right to data portability [abr 2017]
- ART.29 WP: Opinion 01/2015 on Privacy and Data Protection Issues relating to the Utilisation of Drones [jun 2015]
- ART.29 WP: Opinion 05/2014 on Anonymisation Techniques [april 2014]
- ENISA: Recommendations on shaping technology according to GDPR provisions - Exploring the notion of data protection by default [dic 2018]
- ENISA: Recommendations on shaping technology according to GDPR provisions - An overview on data pseudonymisation [nov 2018]
- European Commission – IA HLEG: A definition of AI: Main capabilities and disciplines [abr 2019]
- European Commission – IA HLEG: Ethics guidelines for trustworthy AI [abr 2019]
- Harvard University: Privacy Tools Project
- European Data Protection Board