THE BOTTOM LINE
- Heightened Scrutiny in Litigation: Expect Spanish courts to be more rigorous about data handling. The plan mandates proactive inspections and audits of judicial bodies, which will increase pressure on litigants to ensure their data practices are compliant.
- Standardization is Coming: New official guidance and templates for data protection in the judicial system will aim to create more predictable procedures, potentially simplifying compliance for companies involved in legal proceedings.
- A More Privacy-Aware Judiciary: A major push for training judges and court staff will create a judiciary that is more sensitive to GDPR principles. This will likely impact how data-heavy evidence, discovery requests, and data subject rights are handled in court.
THE DETAILS
Spain’s General Council of the Judiciary (CGPJ) has unveiled a new strategic plan that will shape data protection within the country’s judicial system from 2026 to 2028. The plan comes from the CGPJ’s Directorate for Supervision and Control of Data Protection (DSYCPD), the specific supervisory authority that oversees data processing for jurisdictional purposes—in other words, the data protection watchdog for the courts themselves. This initiative signals a significant move towards embedding data privacy principles more deeply into the fabric of the Spanish justice system through six key pillars: compliance, legal advice, training, supervision, institutional cooperation, and communication.
A central element of the strategy is a proactive, rather than purely reactive, approach to compliance. The DSYCPD plans to publish a comprehensive guide on data protection within the judicial sphere, aimed at raising awareness and providing clarity for judges and court officials. Alongside this guide, the authority will develop standardized documents to help courts respond to data subject access requests and manage data breach notifications. The goal is to create a consistent and legally sound framework that streamlines data protection operations across all judicial bodies, from local courts to the high courts.
The plan is not just about new rules; it’s about changing the culture through education and enforcement. A significant investment will be made in training courses for judges, court clerks, and administrative staff. The curriculum for new judges at the Judicial School will also be updated to include data protection as a core subject. On the enforcement side, the DSYCPD will continue to handle citizen complaints but will also ramp up its supervisory activities by conducting preventive inspections and audits. This dual approach of education and enforcement, combined with planned cooperation with other data protection authorities like the Spanish AEPD and the EDPS, is designed to ensure the judiciary will be held to the same high standards it expects from the businesses that appear before it.
SOURCE
Source: General Council of the Judiciary (Spain)
