GCT1

Legal

Compliance & Corporate Governance

Building companies that operate with integrity and legal certainty

What is it?

Regulatory requirements for Spanish companies have grown significantly in recent years. Data protection, anti-money-laundering obligations, whistleblower channels, equal opportunities plans, and environmental standards are no longer the exclusive concern of large corporations — SMEs face real exposure if they do not have the right policies and procedures in place. At GCT1 we translate complex regulatory obligations into practical, proportionate compliance programmes that work for your organisation.

Good corporate governance is not just about avoiding fines. A well-governed company attracts better financing, retains talent, and is far easier to sell or hand over to the next generation. We help boards and management teams establish clear decision-making structures, document their processes, and manage conflicts of interest so that the company can demonstrate integrity to banks, investors, and public administrations.

Our compliance work is always coordinated with our legal and tax teams so that new policies do not create unintended legal or fiscal consequences. We also offer ongoing monitoring and annual reviews to ensure your compliance framework keeps pace with regulatory changes.

Who is it for?

  • SMEs required to implement whistleblower channels under Spanish Law 2/2023
  • Companies handling personal data subject to GDPR and the Spanish LOPDGDD
  • Businesses in regulated sectors (financial, real estate, construction) with AML obligations
  • Companies with 50 or more employees required to have an equality plan
  • Boards seeking to improve governance structure ahead of investment, sale, or generational succession

What's included in our service

  • Compliance risk assessment tailored to the company's sector and size
  • GDPR and data protection programmes: privacy policies, processing records, data processor agreements
  • Implementation of internal whistleblower channels compliant with Law 2/2023
  • Anti-money-laundering (AML) policies and procedures for obligated entities
  • Corporate governance documentation: board regulations, conflict-of-interest policies, delegation of powers
  • Equality and diversity plans (Plan de Igualdad) for companies meeting the legal threshold
  • Annual compliance review and update service

Documentation you will need to provide

  • Current company statutes and organisational chart
  • Existing internal policies, codes of conduct, or prior compliance reports
  • Employee headcount and contract types for regulatory threshold analysis
  • Data processing activities inventory if a prior GDPR assessment has been conducted
  • Any regulatory inspection reports or prior sanctions

Key deadlines

  • Whistleblower channel (Law 2/2023): companies with 50+ employees were required to comply by 1 December 2023
  • Equality plans: mandatory for companies with 50+ employees; registration and renewal required every 4 years
  • GDPR: ongoing obligation — breaches can be notified to the AEPD within 72 hours of discovery
  • AML risk assessment: annual update recommended for all obligated entities

Why GCT1

  • Specialists in translating complex Spanish and EU regulations into clear, actionable policies that staff actually use
  • Coordinated legal, labour, and tax advice ensures compliance measures are consistent across the whole organisation
  • Proportionate approach designed for SMEs — no unnecessary bureaucracy, just what the law requires and your risk profile demands
  • Ongoing relationship model: we monitor regulatory changes and alert you before new obligations become penalties

Let's talk about your case

Free first consultation, no commitment. We get back to you within one working day.