The AEPD (Spanish Data Protection Authority) has among its objectives to promote and disseminate knowledge about the privacy risks that arise with the development of new services, applications and with technological evolution and how to manage them with sustainable solutions from the point of view of the rights and freedoms of citizens, as well as presenting useful tools to facilitate the regulatory adaptation to SMEs and entrepeneurs.
Innovation and Technology
Guidelines, reports and technical surveys
In this section you can find documents developed by the AEPD (guidelines, reports, surveys, ...) designed to disseminate knowledge among controllers, processors and those interested parties in data protection.
- A Guide to Privacy by Design [oct 2019]
- K-anonymity as a privacy measure [jun 2019]
- Guide on personal data breach management and notification [jun 2018]
- Guide on drones and data protection [may 2019]
- List of the types of data processing that require a DPIA (art 35.4)
- Indicative list of the types of data processing that do not require DPIA (art 35.5) [aug 2019]
Internet and mobile systems
- The duty to inform and other accountability measures for mobile devices [may 2019]
- Access to applications on the screen for Android devices [may 2019]
- User controls for ad personalisation on Android [may 2019]
- Survey about preinstalled apps in Android and privacy risks [mar 2019]
- Analysis of information flows in Android. Tools for compliance with accountability [mar 2019]
- Survey on Device Fingerprinting [feb 2019]
Tools for controllers
The AEPD has developed tools and help material to assist with compliance with general data protection regulation for small businesses, entrepreneurs and developers, and other types of controllers.
- Tool to help compliance with RGPD for entities that carry out low risk processing activities
- Tool to carry out risk analysis and privacy impact assessment
- Template for Data Protection Impact Assessment for Public Administrations
In any case, controllers and processors should not forget to verify that they comply with all the requirements and obligations that guarantee compliance with GDPR and national rules on data protection.
Technical posts in the AEPD blog
The Agency has a blog in which different articles of interest on personal data protection are published periodically. Bellow is an extract of the most interesting technical posts published so far.
Collaborations and Tecnological Awards
Emilio Aced Personal Data Protection Research Award
Ángela Ruiz Entrepreneurship in Protection of Personal Data Award
Links to documents of interest
This section includes a collection of links to documents and surveys of interest published by other entities and organizations, national and international.
- ART.29 WP: Statement of the WP29 on encryption and their impact on the protection of individuals with regard to the processing of their personal data in the EU [april 2019]
- ART.29 WP: Guidelines on Personal data breach notification under Regulation 2016/679 [feb 2018]
- ART.29 WP: Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 [oct 2017]
- ART.29 WP: Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 [april 2017]
- ART.29 WP: Guidelines on the right to data portability [april 2017]
- ART.29 WP: Opinion 01/2015 on Privacy and Data Protection Issues relating to the Utilisation of Drones [jun 2015]
- ART.29 WP: Opinion 05/2014 on Anonymisation Techniques [april 2014]
- ART.29 WP: Opinion 02/2013 on apps on smart devices [feb 2013]
- ART.29 WP: Opinion 3/2012 on developments in biometric technologies [april 2012]
- European Data Protection Board
- European Commission – IA HLEG: A definition of AI: Main capabilities and disciplines [april 2019]
- European Commission – IA HLEG: Ethics guidelines for trustworthy AI [april 2019]
- Council of Europe: Guidelines on Artificial Intelligence and Data Protection [jan 2019]
- Council of Europe: Artificial Intelligence and Data Protection: Challenges and Possible Remedies [jan 2019]
- ENISA: Recommendations on shaping technology according to GDPR provisions - Exploring the notion of data protection by default [dec 2018]
- ENISA: Recommendations on shaping technology according to GDPR provisions - An overview on data pseudonymisation [nov 2018]
- ENISA: Handbook on Security of Personal Data Processing [dec 2017]