🌍 Embrace Borderless Opportunities with Lexidy’s New Global Mobility Department. Learn More!

GDPR and Whistleblower Law In Spain

SPAIN gdpr


When it comes to GDPR compliance, the Council of the European Union is determined to implement a Directive against public and private corruption based. First, it obliges companies, administrations and public entities to implement internal procedures for the reception and study of reports of irregularities. 


Whistle-blowers are people speaking up when they encounter, in the context of their work, wrongdoing that can harm the public interest, for instance by damaging the environment, public health and consumer safety and public finances.

On the other hand, it establishes a series of guarantees and measures for those who report such infringements, which will affect companies with more than 50 workers or those with a turnover equal to or higher than 10 million euros. Companies in sensitive sectors (such as financial) will also be affected by this rule. All of them will have to implement complaint channels that guarantee the confidentiality of the person who is providing information.

This rule must be transposed within two years. 


The government may intervine when it threatens national Security. 

According to Approved Decree-Law 14/2019, which adopts urgent security measures in the areas of e-government, public procurement and telecommunications.

The aim is to protect against the new threats associated with cyberspace, such as data theft, and also to prevent the creation of a parallel digital administration after the events that occurred in Catalonia.

The RD includes “urgent measures relating to national identity documents, electronic identification before Public Administrations, data held by Public Administrations, public procurement and the telecommunications sector”.

The Decree includes 5 parts: 

  • Measures concerning national identity documents
  • Measures in matters of electronic identification before Public Administrations, location of certain databases and data transferred to other Public Administrations
  • Public procurement measures
  • Measures to strengthen telecommunication security
  • Measures to strengthen coordination in the area of network and information system security. 

How can we help you?

We speak your language. If you would like more information about GDPR in Spain, or have any questions, please do not hesitate to contact us directly. We would be happy to assist you in any way we can!

How Can We help you?

Share with friends

More To Explore

Subscribe to our newsletter

Stay ahead of the changes that matter to you

Do not hesitate to contact us

Our experts will be happy to give you a hand