Factoria de Apps
Services

Comply with data protection law with no legal surprises

We adapt your company to the Spanish LOPDGDD and the European General Data Protection Regulation with a process tailored to freelancers and SMEs. Initial audit, ROPA, clauses, processor agreements, team training and compliance certificate. No useless paperwork, no eternal fees.

Data Protection
Why it matters

Data protection law is not a recommendation

Every company processing personal data (customers, employees, suppliers) is legally bound to comply with the data protection regulations. Getting it right protects your customers, avoids serious fines and gives you a real edge over competitors who improvise.

Fines that really hurt

The Spanish DPA imposes fines from a few thousand to millions of euros. They're no longer anecdotal: they're published and collected. Prevention costs a fraction of defending yourself.

Customer trust

A clear policy and proper consent are signs of professionalism. Your customers notice the difference between a website that respects their privacy and one that quietly watches them.

Up-to-date inventory and ROPA

We document what data you process, why, for how long and who can access it. The Record of Processing Activities (ROPA) is the backbone of compliance.

72-hour breach notification

If there's a data leak, the law gives you 72 hours to notify the DPA and affected users. We leave you the protocol and templates ready to respond without panicking.

Customer rights, managed

Access, rectification, erasure, objection, portability. We give you the procedures to respond to any request within legal deadlines.

Continuous DPO advice

It's not a one-off job: regulations change, new tech appears and your business evolves. We keep your adaptation up to date with regular reviews and support when you need it.

GDPR-ready company or "we'll see"

The difference between taking data protection seriously and postponing it "for later" shows up the day a complaint or inspection lands.

With proper GDPR adaptation

  • Complete and up-to-date ROPA for every processing activity.
  • Clauses and consents on every form.
  • Processor agreements (hosting, accountant, IT…).
  • Documented procedure for breaches and rights requests.
  • Team training on best practices.
  • Compliance certificate that builds trust.

No adaptation or a copy-paste PDF

  • No ROPA or data inventory: you don't know what you process.
  • Policy copied from the internet, no real value.
  • No processor agreements: unlimited liability.
  • Breach and you don't know what to notify, to whom or how.
  • Untrained team: constant human errors.
  • No one to call if a complaint or inspection arrives.
Data Protection

Protected data, peaceful customers

It is essential for all companies to comply with the European General Data Protection Regulation (GDPR) and the Spanish Data Protection Act (LOPDGDD). We act as intermediaries between your company's management and the technical staff responsible for implementing the necessary measures, in Spanish and Catalan, with a clear process and documented outcomes that hold up to an inspection by the Spanish data protection authority.

What's included

  • Web and security audit
  • Data processing records (RAT)
  • Clauses and informative notices
  • Contracts with data processors
  • Confidentiality agreements
  • Training and support for the data controller
  • Compliance certificate

Plans and prices

Without VAT With VAT
Setup + 1 year maintenance

Freelancers

€195 / year
  • No setup fee
  • Online USERDESK management
  • Equipment and media inventory
  • Risk assessment
  • Clauses and informative notices
  • RAT (Register of Processing Activities)
  • Contracts and confidentiality agreements
  • Training and support for the data controller
  • Compliance certificate
Configure
Recommended
GDPR / LOPD + LSSI compliance

SMEs

€195 / year
  • Setup: €150 upon contracting the service
  • From 2 to 20 employees
  • Equipment and media inventory
  • Risk assessment
  • Clauses and informative notices
  • RAT and contracts
  • Ongoing training and support
  • Compliance certificate
  • Biennial audit
Configure
Your website compliant

Web Adaptation

€150
  • For WordPress websites (other formats on request)
  • 3 languages (ES, CA, EN)
  • Legal Notice drafting/review
  • Privacy Policy drafting/review
  • Cookies Policy drafting/review
  • Privacy clauses on forms and email signature
  • Consent checkboxes
  • Interactive cookies banner
  • Web security audit
  • Online record of consents
Configure

Frequently asked questions

The things people ask us most before adapting their company to GDPR.

Is my company really required to comply with GDPR?
If you process personal data of customers, employees, suppliers or web users — yes. There's no minimum size threshold: a SME with three employees and a freelancer with a customer database are bound the same way as a multinational. The measures scale with size and risk, but the obligation is universal.
How long does the initial adaptation take?
For freelancers and small SMEs, between 2 and 4 weeks from gathering information to the compliance certificate. For SMEs with more than 20 employees or specific sectors (health, banking, law) it can take 6-8 weeks.
Do I need to appoint a Data Protection Officer (DPO)?
Only required in certain cases (public bodies, large-scale processing, sensitive data). But recommended for many SMEs processing customer data. We can act as an external DPO if your company needs one.
What exactly does the compliance certificate include?
A document attesting that your company has completed the adaptation steps: ROPA, clauses, consents, agreements, training, etc. It's not binding for the DPA, but in front of a customer, supplier or inspection it shows you took the regulation seriously.
And if the DPA fines me even with everything in order?
Compliance dramatically reduces the likelihood of a fine and, if one arrives, lowers the amount. A company that shows due diligence (ROPA, training, signed contracts, documented procedures) rarely receives maximum fines — it usually ends with warnings or minor sanctions.
Do you sign processor agreements with clients?
Yes, always. If we host your site, handle maintenance or manage forms where personal data arrives, we sign the data processor agreement (GDPR article 28) with you. It's mandatory and included at no extra cost.
What about cookies and the consent banner?
The "Web adaptation" plan includes a cookies banner with granular consent, cookies policy, consent log and blocking of non-essential scripts until accepted. Complies with the Spanish DPA's cookies guidance.
Does the adaptation renew yearly?
Regulations change, your company's processing evolves and case law updates. The yearly plan includes review + document updates, biennial audit and consultation support. Without maintenance, the first adaptation has a practical expiry date.

Need more information?

Tell us about your project and we will craft a tailored proposal.

Configure your service