Training & courses
We train teams in data protection, cybersecurity and good digital practices to reduce human risk within the organisation.
Learn more → Data protection · Cybersecurity · GDPR Protecting your information,
Protecting your information,
caring for your privacy
Tailored services in regulatory compliance, cybersecurity and systems optimisation. We support companies and professionals so they comply with the law and protect their clients’ data with full guarantees.
- RGPD / GDPR
- ISO 27001
- R.D. 311/2022 (ENS)
0 years protecting businesses
We work in line with the main compliance and security frameworks
Yahoo 2013 3 B accounts Credential theft Marriott 2018 500 M guests Persistent intrusion LinkedIn 2021 700 M profiles Mass scraping Equifax 2017 147 M people Unpatched vulnerability Facebook 2019 533 M users Data exposure SEPE (España) 2021 Ransomware Phone House (España) 2021 13 M records Ransomware Yahoo 2013 3 B accounts Credential theft Marriott 2018 500 M guests Persistent intrusion LinkedIn 2021 700 M profiles Mass scraping Equifax 2017 147 M people Unpatched vulnerability Facebook 2019 533 M users Data exposure SEPE (España) 2021 Ransomware Phone House (España) 2021 13 M records Ransomware
Services
Solutions to comply and protect
Modular services that adapt to your company, from training your team to legal representation before the supervisory authority.
Representation services
We act as your Data Protection Officer (DPO) and as your representative before the competent supervisory authority.
Learn more →GDPR adaptation
Audit, documentation and full adaptation to the GDPR and Spanish data protection law so your company complies smoothly.
Learn more →Kit Digital solutions
We manage your Kit Digital grant and deploy subsidised cybersecurity solutions for your business.
Learn more →Gestdiba
Document management and compliance platform that centralises your evidence and keeps everything always auditable.
Learn more → How we work
A clear method, no surprises
We know data protection can seem complex. That is why we follow a transparent four-step process.
Initial assessment
We analyse your current situation: what data you process, what risks exist and what the law requires. No commitment.
Tailored plan
We propose a clear, prioritised plan with deadlines and a fixed price. You decide with all the information.
Implementation
We carry out the legal adaptation and technical measures, train your team and document everything.
Ongoing support
We do not disappear: we review, update and support you with any change or incident.
Our approach
Three pillars for comprehensive protection
Compliance that builds trust
We help you meet your legal obligations and safeguard your clients’ data, turning regulatory compliance into a reputation guarantee.
Security under official standards
We integrate the ISO 27001 standard and Royal Decree 311/2022 (the Spanish National Security Framework) to assess and strengthen your real level of protection.
Prevention against threats
We work against cyberscams, digital violence and cyberbullying through awareness, legality and active prevention.
Security commitment
How we protect your information
Complying with the law is not enough: we apply real technical and organisational measures so your data is protected at every step.
Data encryption
Data encrypted in transit and at rest, with up-to-date protocols.
Backups
Encrypted backups, verified periodically to guarantee recovery.
Guaranteed confidentiality
Non-disclosure agreement (NDA) and duty of secrecy on every project.
Incident response
Action protocol and breach notification within the legal 72-hour deadline.
Least privilege
Role-based access control: each person only accesses what is strictly necessary.
Servers in the European Union
Data processing and hosting within the European legal framework.
About us
Experience and a close approach to data protection
At Eritia Privacidad we support companies and professionals on the path to solid data protection. We combine legal, technical and human expertise so your organisation is more secure, complies with the law and earns its clients’ trust.
- Ongoing regulatory advice (GDPR, Spanish law, ENS)
- Implementation of technical cybersecurity measures
- Team training and awareness
- Support in Spanish, English and Portuguese
0Years of experience
0Regulatory adaptation
0Languages of support
0Online availability
Sectors that trust us
Experience in your sector
We adapt every project to the reality of your activity. These are some of the sectors we support every day.
Clinics & healthcare
Advisory firms & offices
Retail & hospitality
Educational centres
Local government
Industry & SMEs
Security breaches See real breach cases →
The threats are real. So is prevention.
Thousands of attacks happen every day. Knowing the most notorious breaches helps understand why prevention is not optional. We review real cases and their lessons.
0 cyberattacks per day worldwide (average)
0 of attacks target SMEs
0 average cost of a major breach
0 legal deadline to report a breach
Trust
What those who trust us say
Companies and professionals who have strengthened their compliance and security with Eritia Privacidad.
They fully adapted us to the GDPR and trained the whole team. We now face any audit with peace of mind.
★★★★★
After an email fraud attempt, their protocol and phishing training changed the way we work. Highly recommended.
★★★★★
They managed our Kit Digital from start to finish and deployed cybersecurity without us having to worry about anything.
★★★★★
Frequently asked questions
We answer your questions
The questions we are asked most about data protection and cybersecurity. Have another one? We will be glad to help.
Is my company required to comply with the GDPR?
Yes. Any company or self-employed person that processes data of clients, employees or suppliers must comply with the GDPR and Spanish data protection law, regardless of size.
What happens if I suffer a security breach?
You have 72 hours to report it to the Spanish Data Protection Agency. Having a protocol in place reduces the impact and avoids penalties for negligent handling. We support you throughout the process.
What does the external DPO service involve?
We act as your Data Protection Officer: we oversee compliance, are the point of contact with the authority and handle data subjects’ rights, without you having to hire internal staff.
Can I use Kit Digital for cybersecurity?
Yes. The Kit Digital grant subsidises cybersecurity and backup solutions. As a digitalisation agent we manage the entire grant and paperwork for you.
How long does adapting my company take?
It depends on size and activity, but an SME is usually adapted within a few weeks. After the initial assessment we give you a fixed deadline and price.
Do you work with companies outside Galicia?
Yes. We work in person in our area and remotely across Spain, with support in Spanish, English and Portuguese.
News
See the full blog Latest from the blog
RegulationA practical GDPR guide for SMEs in 2026
The essential data protection obligations every small business must meet, explained step by step and without jargon.
Read article →
CybersecurityHow to spot a phishing email before you fall for it
Phishing is still the entry point for 90% of cyberattacks. Learn to identify the warning signs.
Read article →
Breaches5 major security breaches and what we can learn
Yahoo, Equifax, Marriott… we review the most serious data breaches in history and the lessons for your company.
Read article →Shall we talk about your company’s security?
Request a first assessment with no commitment. We analyse your situation and propose a tailored plan.