THE BOTTOM LINE
- Increased Scrutiny on Court Data: Spain’s judicial system is implementing a formal plan to ensure its own data protection compliance. Businesses and legal teams should anticipate stricter handling and potential challenges regarding personal data submitted in litigation.
- A More Data-Savvy Judiciary: A key focus is on training judges and court staff and publishing official guidance on data protection. Expect judges to be more proactive in questioning how data is presented and protected during legal proceedings.
- Proactive Audits and Enforcement: The plan introduces preventive inspections and audits within the courts. This signals a shift from reactive complaint handling to proactive enforcement, raising the bar for data management for all parties involved in the Spanish justice system.
THE DETAILS
Spain’s General Council of the Judiciary (CGPJ), the governing body of the country’s judges, has approved a new strategic plan for its own data protection watchdog. This body, the Directorate for Supervision and Control of Data Protection (DSYCPD), acts as the data protection authority for all data processed by courts for jurisdictional purposes—in other words, data used directly within legal cases. The 2026-2028 plan outlines a clear roadmap to embed robust data protection principles into the heart of the judicial process, moving beyond simple compliance to active supervision.
The plan’s impact will be felt directly by companies and their legal counsel. A central pillar of the strategy is to provide clarity and support through new guidance and training. The DSYCPD will publish a comprehensive guide on data protection in the judicial sphere, which will become a critical reference for lawyers. This guide will likely address practical issues such as the proper redaction of documents, managing data subject rights requests during litigation, and the procedures for notifying data breaches that occur within the court system. Combined with dedicated training for judges, this initiative will create a more informed judiciary, capable of scrutinizing data handling practices with greater expertise.
Perhaps the most significant development is the emphasis on supervision and enforcement. The plan explicitly empowers the DSYCPD to conduct proactive inspections and audits of courts to assess their compliance with data protection law. This marks a fundamental shift, treating courts not just as arbiters of the law but as data controllers subject to regulatory oversight. Furthermore, the DSYCPD will strengthen its cooperation with other key bodies, including the Spanish Data Protection Agency (AEPD) and the European Data Protection Supervisor (EDPS), ensuring its approach is aligned with the broader national and European privacy landscape. For businesses, this means the data they provide to Spanish courts will be subject to a higher, more actively enforced standard of care.
SOURCE
Source: Consejo General del Poder Judicial (CGPJ)
