Innovation and Technology

Ultima modificación

The AEPD (Spanish Data Protection Authority) has among its objectives to promote and disseminate knowledge about the privacy risks that arise with the development of new services, applications and with technological evolution and how to manage them with sustainable solutions from the point of view of the rights and freedoms of citizens, as well as presenting useful tools to facilitate the regulatory adaptation to SMEs and entrepeneurs.

Breaking news regarding accountability


Basic tools for accountability compliance

The AEPD has developed tools and help material to assist with compliance with general data protection regulation for small businesses, entrepreneurs and developers, and other types of controllers. This section lists those tools that are common to all types of processings. In the section "Guides, reports and technical notes" you can find specific material that extends their scope to specific treatments, technologies or controllers.

In any case, controllers and processors should not forget to verify that they comply with all the requirements and obligations that guarantee compliance with GDPR and national rules on data protection.

Risk management

The following resources support the obligation to carry out a risk analysis of personal data processings:

Data Privacy Impact Assessment

The following resources support the obligation to carry out a data privacy impact assessment of personal data processings:

Data Protection by Design and by Default

The following resources support the obligation to take into account, from the initial stages of definition and analysis of the processing, appropriate technical and organisational measures for ensuring, by design and by default, data protection principles implementation:

Personal Data Breach Management

The following resources support the obligation to implement incident recording and notification mechanisms in order to properly manage any possible security breache that may arise during personal data processing.


Guidelines, reports and technical surveys

In this section you can find documents developed by the AEPD (guidelines, reports, surveys, ...) designed to disseminate knowledge among controllers, processors and those interested parties in data protection.These resources are grouped by categories and ordered by publication date.

General surveys

Specific surveys

Risk management

Internet and mobile systems


Technical posts in the AEPD blog

The Agency has a blog in which different articles of interest on personal data protection are published periodically. Bellow is an extract of the most interesting technical posts published so far.

General posts
Encryption and privacy posts
Internet and mobile systems posts
Data breach posts


Collaborations and Tecnological Awards

In the framework of the promotion of research on the fundamental right to data protection, the AEPD announces awards, in different categories, to encourage innovation in terms of privacy.

In the call of 2019, the following technological awards have been convened in the field of research and entrepreneurship in the protection of personal data: 

Emilio Aced Personal Data Protection Research Award

This award recognises data protection works and projects carried out in the context of scientific and technical research, with a strictly practical approach, in which the application of data protection principles in the field of scientific and technical development is studied, analysed or developed in order to guarantee the rights and freedoms of individuals.  You can access the data of the call in this link.

Awarded work 2019:

Award: Julien Armand Pierre Gamba, Mohammed Ahmed Fahim Rashed, Abbas Razaghpanah, Juan Manuel Estévez Tapiador y Narseo Vallina-Rodríguez. Stony Brook University (Universidad Carlos III de Madrid y IMDEA Networks Institute).

Secondary award (Accésit): Mikel Recuero Linares. Subdirección General de Evaluación y el Fondo Europeo de Desarrollo Regional (FEDER “Una manera de hacer Europa”).

Ángela Ruiz Entrepreneurship in Protection of Personal Data Award

This award recognizes the development of an original, creative, innovative business activity, product or service with a social impact in relation to data protection and the guarantee of the rights and freedoms of individuals. You can access the data of the call in this link.

Awarded work 2019:

Award: Molinapps S.L.U. Armando Molina Betancor.


Links to documents of interest

This section includes a collection of links to documents and surveys of interest published by other entities and organizations, national and international.