Emindset Law has advised businesses in Spain and Andorra from numerous sectors on all aspects of data protection and privacy regulations, focusing highly on e-commerce.


We are experienced in Privacy Policy matters in line with both general and sectorial applicable regulations, personal data on social media, information security, data processing lawful basis and renewal of consent, data protection liabilities and penalties, and other similar areas.

We draw up and negotiate contracts with special implications for data protection (outsourcing, provision of services, advertising campaigns, call centers, agency contracts, employment contracts, international data transfer contracts, and binding corporate rules, and more).

In order to draw up the Protocols stipulated by GDPR, a data protection regulation-based analysis of the life cycle of the data the business collects must be performed. (who processes the data? for what purposes? how is consent obtained? what rights are there and how are they exercised? who is the data disclosed to? is the data subject to international transfers?).

We analyze and advise on the data protection risks a product and/or service may imply for data subjects (data protection impact assessment). We draft the Protocols required by GDPR, such as, for example: Obtaining consent protocols, action plans for data subjects exercising their rights, data breach response plans, protocols for storing and erasing data, supplier hiring protocols, video surveillance protocols, etc…).

Can we talk?

    I have read and accept the Privacy Policy

    «Our added value is our transversal knowledge applicable to each case.»

    Data Protection Officer

    Not all companies are required to appoint a Data Protection Officer (DPO). But for those that are, at Emindset Law we offer support services to the DPO. Learn all about this figure, imposed by the European Data Protection Regulation.

    Legal Opinion

    One of the services most demanded by our clients is the issuance of Legal Opinions and advice for compliance and observance of the set of obligations under the regulations. This allows the company to analyze in advance all the implications in terms of data protection, of important business decisions and with international character.

    Data Protection Committee

    The new European Data Protection Regulation introduces a radical change in the field of accountability that affects all the obligations to which institutions and organizations are subject. This is the Proactive Accountability Principle. The GDPR requires a greater involvement of those responsible and in charge with a proactive attitude. In these cases, we assist companies in the formation and creation of a Data Protection Committee.


    At Emindset Law we aspire to achieve real data protection for all consumers. To this end, we work from the design of our clients’ products and services.»

    Emindset Team.