Compliance with data protection regulations is today essential to protect your company and avoid penalties.

The right to the protection of personal data is a fundamental right of all people that translates into the power of control over the use made of their personal data. This control makes it possible to avoid that, through the processing of our data, information about us that affects our privacy and other fundamental rights and public freedoms, may become available.


Data protection refers to the fundamental principles, safeguards, and practices in place to protect your personal information and ensure that you remain in control of it.

Our data Protection services:



Adaptation to data protection regulations (GDPR)

Regulation (EU) 2016/679 and Organic Law 3/2018 on the protection of personal data and guarantee of digital rights, evaluating the specific sectoral risks of each market and scope of action.

Periodic review and audit of the implanted system

Review of all the measures implemented by the organization, both at a technical and legal level, issuing an audit report indicating, where appropriate, the necessary corrective measures.

Maintenance and updating of the obligations required by current regulations and Support to the Data Protection Delegate (DPD)

Maintenance and updating of the obligations required by current regulations. Telematic and face-to-face consulting service, updating and maintenance of the implanted systems, Training for employees and managers of areas, annual audit report.

Outsourcing of the figure of the Data Protection Delegate

ITS Consulting assumes the DPD functions of your company. We assume the responsibility and all the tasks of the DPO, updating and monitoring the data protection system, and regularly reporting to the company’s Board of Directors.

Frequently asked questions about Data Protection:

Why does my company need the GDPR?

The GDPR is mandatory. The control body (the AEPD) carries out inspections and attends to complaints and claims, which can lead to high penalties.

If I don't have personal data, do I have to comply with the RGPD?

No company escapes compliance with data protection regulations. Personal data is considered to be the data of the workers themselves, professional contact data (such as the corporate email and telephone number of clients and suppliers, cookies, IP, etc…)

Do I have to sign a data protection contract with all my suppliers?

No. You only have to sign contracts for the data controller with the providers who, due to the service they provide, can have access to the company’s personal data.

Am I required to hire a DPD

If your company has a high volume of data, deals with sensitive information, or is included within the numerus clausus established by art. 34 of the LOPD-GDD, it is mandatory to designate a DPD. However, appointing a DPD voluntarily adds value to organizations by achieving a better integration of privacy and security in their processes.

Am I obliged to audit my data protection system?

Yes. According to Article 32.1.d of the RGPD, the person in charge will implement the appropriate technical and organizational measures to guarantee a level of security appropriate to the risk and, among those measures, they will regularly evaluate the effectiveness of the measures adopted to guarantee the security of the files