Logo d'APDCAT  
Home Authority Services

Services

  • Consultation Service
  • The Catalan Data Protection Register
  • Training in and publicity of the right to data protection
  • Drafting of reports, findings, instructions and recommendations
  • Inspection
  • Auditing and Security of Information
  • Documentation Centre

Public Information Service

See the corresponding section

 

Consultation Service

The Catalan Data Protection Authority (APDCAT) offers a personalised consultation service to institutions within its scope of authority that wish to adapt their actions to data protection legislation.

This service may be requested by:

  • All bodies, organisations and entities linked or answerable to the public institutions of Catalonia, the Administration of the Generalitat, the Catalan local authorities, the universities of Catalonia and the Public Law Corporations that carry out their activities exclusively in Catalonia and which, in accordance with article 156 of the Statute of Autonomy of Catalonia (EAC), form part of the APDCAT's scope of action.
  • The natural persons or legal entities that, in accordance with any agreement, contract or legal provision, manage public services or carry out public functions providing, in the latter case, the processing is performed in Catalonia and is related to matters which are the competence of the Generalitat of Catalonia or of the Catalan local authorities.

The consultation service is addressed to those people who are responsible for files and processing operations, data processors and the entities and consultants that advise them.

The main aim of this service is to provide continued support to all projects of adaptation to personal data protection legislation. Advice may be requested on initiation of a new project which may have impact in the area of data protection or at any other moment during the processing of personal data.

The service provides support to institutions throughout the adaptation process by means of regular meetings held in line with the needs of each entity and resolves any doubts which may arise.

The service is intended to help those entities that may need assistance in their processes of adaptation to data protection legislation, in the widest sense, while attempting to simplify actions and maintaining respect at all times for the fundamental right to the protection of personal data.

To request the consultation service, your application should be sent through the public information service consultes.apdcat@gencat.cat, indicating that you are writing to that service.

 

The Catalan Data Protection Register

See the corresponding section.

 

Training in and publicity of the right to data protection

In order to strengthen its training activities and extend knowledge of the culture of personal data protection, the Authority takes special interest in organising courses, conferences, symposiums and other activities that address the subject of the protection of data of a personal nature in different settings.

The training offered by the Catalan Data Protection Authority is mainly intended to improve the theoretical and practical knowledge held by public employees who work for the Administration of the Generalitat and other Catalan local authorities. Nonetheless, training activities are also organised which other professionals may attend, including those from the private sector.

Anyone who would like to receive information directly about these training and communication activities can ask to be included in the distribution list created for this purpose, by sending an email to consultes.apdcat@gencat.cat, or by completing a form which the Authority will send to the address you provide. The information can also be found on the Authority's website.

The Authority has published, participated in or promoted the publication of articles and books that address various aspects of data protection, and has drawn up a booklet to raise awareness of the legislation.

 

Drafting of reports, findings, instructions and recommendations

The Catalan Data Protection Authority issues reports, mandatorily, on provisions in the field of personal data protection to ensure they comply with that contained in the legislation. Specifically, these reports address proposed law, draft regulatory provisions drawn up by the Catalan government by virtue of legislative delegation and the draft regulatory rules or general provisions of the Generalitat of Catalonia that affect the protection of data of a personal nature. This includes general provisions that create, modify or delete files that contain personal data.

The Authority also issues reports in response to consultations made from the entities that fall within its scope of powers. The following entities may consult the APDCAT:

  • All bodies and entities linked or answerable to the public institutions of Catalonia, the Administration of the Generalitat, the Catalan local authorities, the universities of Catalonia and the Public Law Corporations that carry out their activities exclusively in Catalonia and which, in accordance with article 156 of the Statute of Autonomy of Catalonia (EAC), form part of the APDCAT's scope of action.
  • The natural persons or legal entities that, in accordance with any agreement, contract or legal provision, manage public services or carry out public functions providing, in the latter case, the processing is performed in Catalonia and is related to matters which are the competence of the Generalitat of Catalonia or of the Catalan local authorities.

The Authority also draws up instructions and recommendations to adapt data processing operations to current law.

Inspection

Through its Inspection Service, the Catalan Data Protection Authority verifies that file controllers and processors comply with current data protection law. It also pursues any infringement of this fundamental right and adopts the measures necessary to guarantee it.

The Inspection Service protects the exercise of data protection rights by individuals, specifically the rights of access, rectification, cancellation and objection (ARCO rights) and oversees the effectiveness of such action within the scope the Authority's powers.

The Inspection Service of the Catalan Data Protection Authority supervises the activities of:

  • All bodies and entities linked or answerable to the public institutions of Catalonia, the Administration of the Generalitat, the Catalan local authorities, the universities of Catalonia and the Public Law Corporations that carry out their activities exclusively in Catalonia and which, in accordance with article 156 of the Statute of Autonomy of Catalonia (EAC), form part of the APDCAT's scope of action.
  • The natural persons or legal entities that, in accordance with any agreement, contract or legal provision, manage public services or carry out public functions providing, in the latter case, the processing is performed in Catalonia and is related to matters which are the competence of the Generalitat of Catalonia or of the Catalan local authorities.

When a person (data subject) has exercised any of the rights of access, rectification, cancellation or objection (ARCO rights) before the file controller or processor and has not obtained an answer within the established period or the response has been completely or partially unsatisfactory, the data subject may make a claim to the Authority, which will verify whether the denial is well-founded or not.

A complaint may be made before the Authority for any action which is contrary to that provided in the data protection law (LOPD).

For further information and access to the standard claim forms that we make available, go to the Claim and Complain section.

Claims and complaints addressed to the Spanish Data Protection Agency (AEPD) may also be presented before the APDCAT, which will take charge of transferring them to the Spanish institution.

Auditing and Security of Information

The Auditing and Security of Information section is an area of the Catalan Data Protection Authority specialised in the technological aspects of personal data protection. Specifically, it deals with the auditing of information systems and with technologies in the sphere of information security.

The section carries out Audit Plans which verify, ex officio and preventively, whether those responsible for the processing of personal data comply with specific aspects of the regulations. Such assessment considers the degree of compliance and makes recommendations regarding appropriate adaptations, subsequently verifying that these recommendations have effectively been introduced.

These Plans affect all entities subject to the Authority's supervision:

  • The Administration of the Generalitat, local public authorities of Catalonia, autonomous entities, and public or private law entities answerable to autonomous or local public authorities or providing services or carrying out activities on their own account by means of any form of direct or indirect management, and also the universities that make up the Catalan university system.
  • The natural persons or legal entities that carry out public functions related to matters which are the competence of the Generalitat of Catalonia or of the Catalan local authorities if the processing is performed in Catalonia.
  • The Public Law Corporations which exercise their functions exclusively within the territorial area of Catalonia.

This section also provides specialised support to the Authority's Inspection Service in the field of information system auditing and the analysis of electronic evidence in cases in which the events which are the subject of investigation are connected with the possible infringement of technical or organisational security measures.

Documentation Centre

See the corresponding section.

 


Generalitat de Catalunya Legal notice - Accessibility
© Catalan Data Protection Authority. All rights reserved.
Icona de conformitat amb el Nivell A de les Directrius d'Accesibilitat pel Contingut Web 1.0 del W3C-WAI
Segell de Qualitat d'Internet