The Bottom Line
- Increased Scrutiny on Court Data: Spain’s judicial data protection authority is launching a strategic plan for 2024-2026, signaling more proactive inspections and audits on how courts handle personal and corporate data during legal proceedings.
- New Rules of the Road: Expect clearer and more standardized data protection rules within the Spanish judicial system, as the plan includes publishing official guides and providing mandatory training for judges and court staff.
- Higher Standards for Justice System Suppliers: Companies providing technology or administrative services to the Spanish courts will face stricter compliance expectations as designated “data processors” under this enhanced supervisory framework.
The Details
Spain’s General Council of the Judiciary (CGPJ) has approved a new three-year strategic plan from its specialized Data Protection Supervision and Control Directorate (DSYCPD). This body acts as the official data protection authority for all data processing carried out by Spanish courts for judicial purposes. The 2024-2026 plan aims to significantly increase compliance, training, and supervision, effectively embedding GDPR principles into the core of the justice system. For businesses, this means the sensitive data submitted during litigation will be subject to a more formalized and robust protection regime.
A key pillar of the new strategy is promoting a culture of data compliance from within. The DSYCPD will publish a comprehensive “Guide on data protection in the judicial sphere” and develop standardized templates to help courts manage data subject rights requests and report security breaches. Furthermore, the plan includes creating dedicated training courses for judges, court clerks, and administrative staff, and even aims to integrate data protection into judicial entrance exams. This focus on education is designed to create legal certainty and ensure a consistent approach to data handling across all courts.
Alongside proactive guidance, the plan strengthens the authority’s enforcement capabilities. The DSYCPD will actively handle complaints from individuals and conduct preventive inspections and audits to verify that judicial bodies are complying with data protection law. The strategy also emphasizes institutional cooperation with other regulators, including the main Spanish Data Protection Agency (AEPD) and the European Data Protection Supervisor (EDPS). This collaborative approach signals a mature and integrated enforcement landscape, ensuring that data protection standards are upheld even within the unique context of the judiciary.
Source
Consejo General del Poder Judicial (CGPJ)
