The AEPD (Spanish Data Protection Authority) has among its objectives to promote and disseminate knowledge about the privacy risks that arise with the development of new services, applications and with technological evolution and how to manage them with sustainable solutions from the point of view of the rights and freedoms of citizens, as well as presenting useful tools to facilitate the regulatory adaptation to SMEs and entrepeneurs.
Guidelines, reports and technical surveys
In this section you can find documents developed by the AEPD (guidelines, reports, surveys, ...) designed to disseminate knowledge among controllers, processors and those interested parties in data protection.
General surveys
- Introduction to the Hash Function as a Personal Data Pseudonymisation Technique [nov 2019]
- A Guide to Privacy by Design [oct 2019]
- K-anonymity as a privacy measure [jun 2019]
- Guide on personal data breach management and notification [jun 2018]
Specific surveys
- Guide on drones and data protection [may 2019]
Risk management
- List of the types of data processing that require a DPIA (art 35.4)
- Indicative list of the types of data processing that do not require DPIA (art 35.5) [aug 2019]
Internet and mobile systems
- DNS Privacy [nov 2019]
- A Guide on the use of cookies [nov 2019]
- The duty to inform and other accountability measures for mobile devices [may 2019]
- Access to applications on the screen for Android devices [may 2019]
- User controls for ad personalisation on Android [may 2019]
- Survey about preinstalled apps in Android and privacy risks [mar 2019]
- Analysis of information flows in Android. Tools for compliance with accountability [mar 2019]
- Survey on Device Fingerprinting [feb 2019]
Tools for controllers
The AEPD has developed tools and help material to assist with compliance with general data protection regulation for small businesses, entrepreneurs and developers, and other types of controllers.
- Tool to help compliance with RGPD for entities that carry out low risk processing activities
- Tool to carry out risk analysis and privacy impact assessment
- Template for Data Protection Impact Assessment for Public Administrations
In any case, controllers and processors should not forget to verify that they comply with all the requirements and obligations that guarantee compliance with GDPR and national rules on data protection.
Technical posts in the AEPD blog
The Agency has a blog in which different articles of interest on personal data protection are published periodically. Bellow is an extract of the most interesting technical posts published so far.
- Encryption and Privacy: Encryption in the GDPR [nov 2019]
- Data breaches: protect yourself against the loss or theft of a portable device [oct 2019]
- Privacy Engineering [sep 2019]
- Personal data breaches: what they are and how to respond [jun 2019]
- Personal data breaches: protect yourself against ransomware [may 2019]
Collaborations and Tecnological Awards
In the framework of the promotion of research on the fundamental right to data protection, the AEPD announces awards, in different categories, to encourage innovation in terms of privacy.
In the call of 2019, the following technological awards have been convened in the field of research and entrepreneurship in the protection of personal data:
Emilio Aced Personal Data Protection Research Award
Resolución de la Agencia Española de Protección de Datos, por la que se convoca el Premio de Investigación en Protección de Datos Personales Emilio Aced (BOE).
Ángela Ruiz Entrepreneurship in Protection of Personal Data Award
Resolución de la Agencia Española de Protección de Datos, por la que se convoca la primera edición del Premio de Emprendimiento en Protección de Datos Personales Ángela Ruiz Robles(BOE).
Links to documents of interest
This section includes a collection of links to documents and surveys of interest published by other entities and organizations, national and international.
-
European Data Protection Board
- ART.29 WP: Statement of the WP29 on encryption and their impact on the protection of individuals with regard to the processing of their personal data in the EU [april 2019]
- ART.29 WP: Guidelines on Personal data breach notification under Regulation 2016/679 [feb 2018]
- ART.29 WP: Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 [oct 2017]
- ART.29 WP: Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 [april 2017]
- ART.29 WP: Guidelines on the right to data portability [april 2017]
- ART.29 WP: Opinion 01/2015 on Privacy and Data Protection Issues relating to the Utilisation of Drones [jun 2015]
- ART.29 WP: Opinion 05/2014 on Anonymisation Techniques [april 2014]
- ART.29 WP: Opinion 02/2013 on apps on smart devices [feb 2013]
- ART.29 WP: Opinion 3/2012 on developments in biometric technologies [april 2012]
- European Data Protection Supervisor
- EDPS: Connected Cars [dec 2019]
- EDPS: Smart Meters in Smart Homes [oct 2019]
- EDPS: Smart Speakers and Virtual Assistants [jul 2019]
- EDPS: Meeting the challenges of big data [nov 2015]
- European Commission – IA HLEG: A definition of AI: Main capabilities and disciplines [april 2019]
- European Commission – IA HLEG: Ethics guidelines for trustworthy AI [april 2019]
- Council of Europe: Guidelines on Artificial Intelligence and Data Protection [jan 2019]
- Council of Europe: Artificial Intelligence and Data Protection: Challenges and Possible Remedies [jan 2019]
- ENISA: Recommendations on shaping technology according to GDPR provisions - Exploring the notion of data protection by default [dec 2018]
- ENISA: Recommendations on shaping technology according to GDPR provisions - An overview on data pseudonymisation [nov 2018]
- ENISA: Handbook on Security of Personal Data Processing [dec 2017]