THE BOTTOM LINE
- Heightened Data Diligence in Litigation: Expect Spanish courts to apply stricter data protection standards to case files and evidence, as judges and staff receive mandatory training under the new 2026-2028 Strategic Plan.
- Standardised Compliance Procedures: The plan promises official guides and templates for handling data subject rights and security breaches within the judicial system, leading to more predictable outcomes for businesses involved in legal disputes.
- Proactive Enforcement Sets the Tone: Spain’s judicial data authority will now conduct preventive audits and inspections of courts, signalling a shift towards proactive compliance that reinforces the seriousness of data protection for all entities operating in the country.
THE DETAILS
Spain’s General Council of the Judiciary (CGPJ) has approved a comprehensive roadmap to strengthen data protection compliance within the judicial system itself. The 2026-2028 Strategic Plan, developed by the Council’s Directorate for Data Protection Supervision and Control (DSYCPD), establishes a formal framework for how courts and judicial bodies must handle personal data processed for jurisdictional purposes. This move signifies that data protection is no longer a peripheral issue in legal proceedings but a core component of judicial administration, aligning the courts with the rigorous standards expected of the private sector under the GDPR.
The plan is built on six key pillars, focusing heavily on education and practical support. A cornerstone of the initiative is the creation of a definitive “Guide on data protection in the judicial sphere,” designed to sensitize judges and legal professionals to their obligations. This will be supplemented by formal training courses and the integration of data protection principles into the curriculum of Spain’s Judicial School and judicial entrance exams. For businesses and their legal counsel, this means interacting with a judiciary that is better equipped and more likely to question and enforce proper data handling practices during litigation.
Beyond guidance, the strategy introduces a robust supervisory and enforcement dimension. The DSYCPD is empowered to handle complaints from individuals and, crucially, will conduct proactive inspections and preventive audits of courts to ensure they are adhering to data protection laws. This internal enforcement mechanism will be strengthened through collaboration with national and regional data protection authorities, including the Spanish Data Protection Agency (AEPD) and the European Data Protection Supervisor (EDPS). The plan sends a clear message: the guardians of the law are now placing their own data handling practices under the microscope, setting a powerful precedent for compliance culture across Spain.
SOURCE: Consejo General del Poder Judicial
