We help your organization to ensure compliance with legislation, regulations and safety regulations.

We offer Advice and Audit in relation to the regulatory aspects, laws and national or international regulations that affect the Information Systems, and in particular, the security and control measures. In most cases they require a process of adapting them, as well as establishing audits and periodic maintenance.


Its purpose is to define the minimum common requirements for Internet payment services, defined by the European Central Bank (ECB), regardless of the device used, including:

  • Cards
    Electronic c:ommands
    Electronic money

    Its purpose is to define the minimum common requirements for Internet payment services, defined by the European Central Bank (ECB), regardless of the device used, including

    Electronic commands
    Electronic money

Within this section, we can distinguish the following services:


In this service the following actions will be carried out:

● Analysis of the data processed by your company.

● Determination of the Applicable Safety Level.

● Registration of Personal Data Files in the AEPD.

● Preparation of the security document.

● Adaptation of the documentation of your company (forms of collection of personal data, contracts, clauses to incorporate all types of contracts, such as commercial contracts and any other that involves the collection of personal data …).


In this service, the level of compliance with Royal Decree 1720/2007 will be analyzed for the medium and high level archives of the Entity. Issue the corresponding biennial audit report, which must be available to the Spanish Agency for Data Protection.


This service involves the implementation and monitoring of the actions to be carried out to comply with the GDPR, the performance of the periodic controls required by RD 1720/2007, the update of the documentation based on the results of the controls carried out, the training of the Entity’s personnel, as well as the resolution of any legal query related to the GDPR, that may arise.

Its purpose is to define the minimum common requirements for Internet payment services, defined by the European Central Bank (ECB), regardless of the device used, including:

  • Cards
  • Transfers
  • Electronic commands
  • Electronic money

The audits consist of analyzing the recommendations of the ECB, indicating, for each of the controls, the degree of compliance (compliance, partial compliance, non-compliance or not applicable), as well as the recommendations that must be taken into account in case of non-compliance. – Compliance with the provisions of the ECB recommendations.

On October 12, 2002, Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce (LSSI-CE) came into force, practically in its entirety.

This law has many fields of action. Among others, it affects all companies that have a web page, since the services they provide through it, directly or indirectly, are part of the scope of their commercial or professional activity and, therefore, provide economic benefits or promotion of its activity.

It also expressly regulates the sending of emails.

With regard to the Law on Measures to Promote the Information Society (LISI), it entered into force on December 29, 2007. This legislation implies the modification of the LSSI-CE (Article 12 bis) of March 29, 2007.

This regulatory framework, which is closely related to the internal and external systems and processes of companies, especially affects companies included in any of the following sectors:

● Financial entities (Banking, financial assets …).
● Gas, water, telephony, electricity (energy market operators).
● Travel agencies, transport.
● Retail business activities.

Within this section, we can distinguish the following services:


Analysis and definition of the obligations for the company, legal recommendations, drafting of the security policy of the web pages, revision and / or drafting of treatment contracts by third parties, legal clauses, etc.


Based on the level of compliance with the Law of Services of the Information Society and Electronic Commerce (LSSI-CE) and the Law of Measures to Promote the Information Society (LISI), an audit report will be issued with the weaknesses detected, as well as our recommendation of how to correct them.

The widespread use of the Internet in recent years is causing changes in all branches of law, so it is necessary to adapt to maintain the activity that takes place on the Internet.

Our group of lawyers specializes in laws and the use of new technologies in the law, as well as the implications these may have on organizations.

Some of the aspects that are influenced are:

  • Online recruitment
  • Electronic commerce
  • Data Protection Intellectual property and content management.
  • Digital signature
  • Protection of web content


Advise, adapt, review, maintain and audit the application of the National Security System in the electronic means of the Public Administrations that give access to Public Services.


Advise in the establishment of interoperability principles and guidelines in the exchange and conservation of electronic information by Public Administrations.

Following the latest regulatory changes and changes in global business models, the implementation of a compliance culture as well as the establishment of control measures and compliance monitoring has become one of the priorities for Companies and Societies, regardless of their sector.

On the other hand, we must make special reference to the introduction in our legal system of the Criminal Liability of Legal Entities, in charge of the reforms of the Penal Code, and that supposes a theoretical challenge for the Administration of Justice as well as a challenge for Companies, which must implement models for the prevention of criminal risks that allow them not only to delve into the Culture of Compliance, but also to be able to exempt themselves from an eventual criminal conviction.

For this, Caberseg offers its customers a range of services designed to adapt all types of companies to this new reality.

In this sense, our services are aimed at the Implementation, Development and Review of Criminal Risk Prevention Models, and more specifically:

  • Preparation and updating of Criminal Risk Maps.
  • Preparation of Internal Procedures on regulatory compliance.
  • Preparation of Codes of Conduct and internal regulations.
  • Analysis and improvement of procedures and controls implemented.
  • Administration and external processing of Whistleblower Channels.
  • Periodic review of the functioning of the Criminal Risk Prevention Models.
  • Consultancy on Criminal Liability of the Legal Person.

For all this, Caberseg has professionals trained in this new legal area and with the experience acquired as a result of their participation in projects and work in different sectors (banking, health, industrial, etc.).

Advice on any other regulatory aspect that may affect the management of information systems, such as the protection of critical infrastructures, MIFID, prevention of money laundering, Sarbanes Oxley, Basel III, Solvency II, …