The first guide (in Spanish) deals with data protection risk assessment, which is a constant obligation for any entity processing personal data subject to the GDPR. It is necessary to evaluate the risk of each personal data processing activity in order to determine which security measures should be implemented for the protection of personal data processed or to analyse whether it is mandatory to carry out a Data Protection Impact Assessment (DPIA).

The second guide (also in Spanish) focuses on the obligation to carry out DPIAs which, in light of the GDPR, is mandatory whenever the processing may entail a high risk for the rights and freedoms of the individuals affected by the processing of their personal data. An EIPD would cover the security measures that would be appropriate to implement in order to mitigate such high risk.

These guides are highly useful for data protection professionals, who get to know, in their client's benefit, the SDPA's criterion before the GDPR becomes fully applicable.

Both guides are part of a set of publications that the SDPA has been publishing to enable citizens better know their rights and entities acknowledge their obligations under GDPR. All of the materials regarding GDPR published by the SDPA to this day are published in this website (in Spanish).