The Spanish Data Protection Agency (AEPD) and ISMS Forum Spain have published a "Code of Good Practice in Data Protection for Big Data Projects" (Code) in collaboration with companies and independent professionals aimed to assist any entities planning to launch big data projects under the scope of the GDPR. Consumer profiling is one of the primary uses of big data, but it can entail risks arising from the possible processing of data based on predictions if they are used in a discriminatory way eg, excluding minority sectors based on the analyzed data. Therefore, the development of big data projects entails a great deal of responsibility and must focus on preserving privacy. The Code is an important starting point of reference for companies, and it includes the applicable law, key issues and definitions. It also analyzes the main implications of the processing of data based on these techniques, such as obtaining consent, the origin, quality and conservation of data, the transparency in the information provided to data subjects, and the exercise of their rights. It also examines the aspects that companies shall take into account when using big data to guarantee data protection and privacy. Additionally, it sets out the need for impact evaluations in order to minimize the risks and the possibility of irreversibly anonymizing data. The Code concludes with a review of the essential technological measures in order to create an adequate environment to develop big data technologies.