On Tuesday 3 November, the Spanish data protection authority, Agencia Española de Protección de Datos (AEPD) sent a letter to all companies operating in Spain that had previously notified it of cross-border data transfers to Safe Harbor certified companies. All companies in receipt of the letter are required to inform the AEPD by 29 January 2016 of any mechanisms they have implemented to ensure the adequate protection of personal data in such transfers.